sys crypto pkcs12
sys crypto pkcs12(1) BIG-IP TMSH Manual sys crypto pkcs12(1)
NAME
pkcs12 - Install pkcs12 keys and certificates on the BIG-IP(r) system.
MODULE
sys crypto
SYNTAX
Install keys and certificates from pkcs12 files using the syntax in the following section.
INSTALL
install pkcs12 [name]
options:
consumer
[enterprise-manager | iquery | iquery-big3d | ltm | webserver]
from-local-file [filename]
from-url [URL]
key-passphrase
key-security-type
[fips | password | normal]
passphrase [passphrase]
no-overwrite
DESCRIPTION
You can use the pkcs12 component to install cryptographic keys and certificates from pkcs12 formatted files.
The file-objects created by these operations can be used in other BigIP configuration blocks such as ssl
profiles.
EXAMPLES
install pkcs12 example from-local-file /tmp/example.p12
Obtains a pkcs12 from the file located at /tmp/example.p12, and installs the key and certificate from that
file as file-objects named "example.key" and "example.crt" respectively.
install pkcs12 /myfolder/example from-local-file /tmp/example.p12
Similar to above, but installs the key "example.key" and cert "example.crt" in folder "/myfolder" instead of
the default "/Common". The specified folder "/myfolder" must already exist in order for this operation to
succeed.
install pkcs12 example prompt-for-password from-local-file /tmp/example.p12
Same as above but also prompts for a password which is to be used to decrypt the pkcs12 file.
install pkcs12 my from-url http://example.com/my.p12
Obtains a pkcs12 file from a remote host, based on the URL specified.
install pkcs12 server consumer webserver from-local-file /tmp/example.p12
Obtains a pkcs12 file from /tmp/example.p12 and installs the key and certificate from that file as file-
objects that can be used by the "webserver". The consumer attribute, "webserver", is used to cause these files
to be placed directly in the paths which can be found by the BigIP's httpd.
OPTIONS
consumer
Specifies the system component by which a key and associated certificate from a PKCS12 file will be
consumed. The default behavior is to create file-objects for use by ltm components. This is the same as
specifying "ltm" for this property. If a component other than "ltm" is specified then files will be
installed/created into locations where the specified components can find them. For example, for component
"webserver", keys and certs will be placed in the webservers ssl directories.
from-local-file
Specifies a local file path from which the contents of the PKCS12 are to be read.
from-url
Specifies a URI which is to be used to obtain a PKCS12 for import into the configuration of the system.
The URL syntax is protocol dependent. Supported schemes are "HTTP", "HTTPS", "FTP", "FTPS" & "FILE."
key-passphrase
Specifies the passphrase to be used to encrypt the key.
key-security-type
Specifies the security type of the key. Default is set to "normal".
passphrase
Specifies the passphrase to be used to decrypt the PKCS12 file.
no-overwrite
Specifies option of not overwriting key/certificate if they are in the scope.
SEE ALSO
install, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2009-2013. All rights reserved.
BIG-IP 2013-07-17 sys crypto pkcs12(1)