sys crypto pkcs12
sys crypto pkcs12(1) BIG-IP TMSH Manual sys crypto pkcs12(1)
NAME
pkcs12 - Install pkcs12 keys and certificates on the BIG-IP(r) system.
MODULE
sys crypto
SYNTAX
Install keys and certificates from pkcs12 files using the syntax in the
following section.
INSTALL
install pkcs12 [name]
options:
consumer
[enterprise-manager | iquery | iquery-big3d | ltm | webserver]
from-local-file [filename]
from-url [URL]
key-passphrase
key-security-type
[fips | password | normal]
passphrase [passphrase]
no-overwrite
DESCRIPTION
You can use the pkcs12 component to install cryptographic keys and
certificates from pkcs12 formatted files. The file-objects created by
these operations can be used in other BigIP configuration blocks such
as ssl profiles.
EXAMPLES
install pkcs12 example from-local-file /tmp/example.p12
Obtains a pkcs12 from the file located at /tmp/example.p12, and
installs the key and certificate from that file as file-objects named
"example.key" and "example.crt" respectively.
install pkcs12 /myfolder/example from-local-file /tmp/example.p12
Similar to above, but installs the key "example.key" and cert
"example.crt" in folder "/myfolder" instead of the default "/Common".
The specified folder "/myfolder" must already exist in order for this
operation to succeed.
install pkcs12 example prompt-for-password from-local-file
/tmp/example.p12
Same as above but also prompts for a password which is to be used to
decrypt the pkcs12 file.
install pkcs12 my from-url http://example.com/my.p12
Obtains a pkcs12 file from a remote host, based on the URL specified.
install pkcs12 server consumer webserver from-local-file
/tmp/example.p12
Obtains a pkcs12 file from /tmp/example.p12 and installs the key and
certificate from that file as file-objects that can be used by the
"webserver". The consumer attribute, "webserver", is used to cause
these files to be placed directly in the paths which can be found by
the BigIP's httpd.
OPTIONS
consumer
Specifies the system component by which a key and associated
certificate from a PKCS12 file will be consumed. The default
behavior is to create file-objects for use by ltm components. This
is the same as specifying "ltm" for this property. If a component
other than "ltm" is specified then files will be installed/created
into locations where the specified components can find them. For
example, for component "webserver", keys and certs will be placed
in the webservers ssl directories.
from-local-file
Specifies a local file path from which the contents of the PKCS12
are to be read.
from-url
Specifies a URI which is to be used to obtain a PKCS12 for import
into the configuration of the system.
The URL syntax is protocol dependent. Supported schemes are
"HTTP", "HTTPS", "FTP", "FTPS" & "FILE."
key-passphrase
Specifies the passphrase to be used to encrypt the key.
key-security-type
Specifies the security type of the key. Default is set to
"normal".
passphrase
Specifies the passphrase to be used to decrypt the PKCS12 file.
no-overwrite
Specifies option of not overwriting key/certificate if they are in
the scope.
SEE ALSO
install, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2009-2013. All rights reserved.
BIG-IP 2013-07-17 sys crypto pkcs12(1)