sys crypto pkcs12ΒΆ

sys crypto pkcs12(1)					BIG-IP TMSH Manual				      sys crypto pkcs12(1)

       pkcs12 - Install pkcs12 keys and certificates on the BIG-IP(r) system.

       sys crypto

       Install keys and certificates from pkcs12 files using the syntax in the following section.

	 install pkcs12 [name]
	       [enterprise-manager | iquery | iquery-big3d | ltm | webserver]
	     from-local-file [filename]
	     from-url [URL]
	       [fips | password | normal]
	     passphrase [passphrase]

       You can use the pkcs12 component to install cryptographic keys and certificates from pkcs12 formatted files. The file-
       objects created by these operations can be used in other BigIP configuration blocks such as ssl profiles.

       install pkcs12 example from-local-file /tmp/example.p12

       Obtains a pkcs12 from the file located at /tmp/example.p12, and installs the key and certificate from that file as file-
       objects named "example.key" and "example.crt" respectively.

       install pkcs12 /myfolder/example from-local-file /tmp/example.p12

       Similar to above, but installs the key "example.key" and cert "example.crt" in folder "/myfolder" instead of the default
       "/Common". The specified folder "/myfolder" must already exist in order for this operation to succeed.

       install pkcs12 example prompt-for-password from-local-file /tmp/example.p12

       Same as above but also prompts for a password which is to be used to decrypt the pkcs12 file.

       install pkcs12 my from-url

       Obtains a pkcs12 file from a remote host, based on the URL specified.

       install pkcs12 server consumer webserver from-local-file /tmp/example.p12

       Obtains a pkcs12 file from /tmp/example.p12 and installs the key and certificate from that file as file-objects that can be
       used by the "webserver". The consumer attribute, "webserver", is used to cause these files to be placed directly in the
       paths which can be found by the BigIP's httpd.

	    Specifies the system component by which a key and associated certificate from a PKCS12 file will be consumed. The
	    default behavior is to create file-objects for use by ltm components. This is the same as specifying "ltm" for this
	    property. If a component other than "ltm" is specified then files will be installed/created into locations where the
	    specified components can find them. For example, for component "webserver", keys and certs will be placed in the
	    webservers ssl directories.

	    Specifies a local file path from which the contents of the PKCS12 are to be read.

	    Specifies a URI which is to be used to obtain a PKCS12 for import into the configuration of the system.

	    The URL syntax is protocol dependent. Supported schemes are "HTTP", "HTTPS", "FTP", "FTPS" & "FILE."

	    Specifies the passphrase to be used to encrypt the key.

	    Specifies the security type of the key. Default is set to "normal".

	    Specifies the passphrase to be used to decrypt the PKCS12 file.

	    Specifies option of not overwriting key/certificate if they are in the scope.

       install, tmsh

       No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
       photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
       use, without the express written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2009-2013. All rights reserved.

BIG-IP							    2013-07-17					      sys crypto pkcs12(1)