Owners manual

DGS-1510 Series Gigabit Ethernet SmartPro Switch CLI Reference Guide
crypto pki import TRUSTPOINT pem tftp://IP-ADDRESS/[DIRECTORY/]FILE-NAME [password PASSWORD-PHRASE] {ca | local | both}
Parameters
TRUSTPOINT
    Specifies the name of the trust-point that is associated with the imported certificates and key pairs.
FILE-SYSTEM
    Specifies the file system for certificates and key pairs. A colon (:) is required after the specified file system.
DIRECTORY
    (Optional) Specifies the directory, on the Switch or TFTP server, from which the Switch should import the certificates and key pairs.
FILE-NAME
    Specifies the name of the certificates and key pairs to be imported. By default, the Switch will append .ca, .prv and .crt to this name for the CA certificate, private key and certificate respectively.
password PASSWORD-PHRASE
    (Optional) Specifies the encrypted password phrase that is used to decrypt the private keys when they are imported. The password phrase is a string of up to 64 characters. If the password phrase is not specified, the NULL string will be used.
tftp
    Specifies the source URL for a TFTP network server.
IP-ADDRESS
    Specifies the IP address of the TFTP server.
ca
    Specifies to import the CA certificate only.
local
    Specifies to import the local certificate and key pairs only.
both
    Specifies to import the CA certificate, local certificate and key pairs.
Default
None.
Command Mode
Privileged EXEC Mode.
Command Default Level
Level: 15.
Usage Guideline
This command allows administrators to import certificates and key pairs from PEM-formatted files. The certificates and key pairs imported to the Switch must match the desired key exchange algorithm: RSA certificates/key pairs should be imported for RSA, and DSA certificates/key pairs for DHE-DSS. RSA and DSA certificates and keys are incompatible. An SSL client that has only an RSA certificate and key cannot establish a connection with an SSL server that has only a DSA certificate and key.
The imported certificate(s) may form a certificate chain, which establishes a sequence of trusted certificates from a peer certificate to the root CA certificate. The trust point CA is the certificate authority configured on the Switch as the trusted CA. Any obtained peer certificate will be accepted if it is signed by a locally trusted CA or its subordinates.
If the specified trust point doesn't exist, an error message is displayed.
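The following pre-import check is an added example, not part of the D-Link guide: it inspects the files staged in a TFTP directory against the suffix rule, the 64-character password phrase limit and the import mode described above. The names preflight, check_key and tp1 are hypothetical, the mapping of ca/local/both to files is inferred from the parameter descriptions, and the unencrypted-key finding rests on the fact that TFTP itself provides no encryption.

```python
import re
import tempfile
from pathlib import Path

# Suffixes the Switch appends to FILE-NAME, per the FILE-NAME parameter above.
SUFFIXES = {"ca": [".ca"], "local": [".prv", ".crt"], "both": [".ca", ".prv", ".crt"]}
PEM_LABEL = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")


def check_key(name, text, label, password):
    """Checks specific to the .prv file."""
    if not label.endswith("PRIVATE KEY"):
        return [f"{name}: expected a private key, found {label}"]
    encrypted = label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in text
    if encrypted and not password:
        return [f"{name}: key is encrypted but no password phrase was given"]
    if not encrypted:
        return [f"{name}: key is unencrypted; TFTP would carry it in cleartext"]
    return []


def preflight(directory, file_name, mode, password=""):
    """Return a list of problems with the staged files (empty list = ready)."""
    problems = []
    if len(password) > 64:
        problems.append("password phrase is longer than 64 characters")
    for suffix in SUFFIXES[mode]:
        path = Path(directory) / (file_name + suffix)
        if not path.is_file():
            problems.append(f"{path.name}: missing")
            continue
        text = path.read_text(errors="replace")
        labels = PEM_LABEL.findall(text)
        if not labels:
            problems.append(f"{path.name}: no PEM block found")
        elif suffix == ".prv":
            problems += check_key(path.name, text, labels[0], password)
        elif set(labels) != {"CERTIFICATE"}:
            problems.append(f"{path.name}: expected only CERTIFICATE blocks")
    return problems


if __name__ == "__main__":
    # Constructed placeholder files (not real key material) in a temp directory.
    with tempfile.TemporaryDirectory() as tftp_root:
        pem = "-----BEGIN {0}-----\nAAAA\n-----END {0}-----\n"
        Path(tftp_root, "tp1.ca").write_text(pem.format("CERTIFICATE"))
        Path(tftp_root, "tp1.prv").write_text(pem.format("RSA PRIVATE KEY"))
        for problem in preflight(tftp_root, "tp1", "both"):
            print(problem)
```

The check reads only PEM labels and headers; it does not parse the key or certificate contents, so an RSA/DSA mismatch between the .prv and .crt files still has to be confirmed separately.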
Example
This example shows how to import certificates (CA and local) and key pair files to trust-point "TP1" via TFTP.