Import private keys or certificates onto the Sun Secure Application Switch in ASCII format. The data you paste is data you exported from another system, generated with the CKM generate command, or received from the CA.
The certificate you import could either be a newly-assigned certificate returned from a CA or an existing certificate moving from one system to another. If you are importing a certificate chain, enter the data of the subject of the certificate first, and then enter the data of the issuers. The issuer data is ordered from most directly responsible for certificate issuance and back. That is, the intermediary directly responding to your request would be next, the CA backing the intermediary after that, a CA backing that CA after that, and so on. Do not press Ctrl+Z until all data has been pasted into the buffer.
This command has an optional password argument. If you are importing a certificate that you exported from another Sun Secure Application Switch system, do not use the password argument. Because certificates are public keys and not sensitive information, exporting does not require a password.
You can import private key data onto the Sun Secure Application Switch after exporting a key using the CKM export command. Or, you can move data that was exported from another system on to your local system.
To import either private keys or certificates, you must have copied the data to your clipboard, as the command requires you paste it into the terminal window.
Note: Any keys imported must meet the supported key size requirements of 512, 1024, or 2048 bytes.
The optional password argument is for private keys that are encrypted under a password. If the private key is not encrypted, you do not need to specify a password. This command has an optional password argument.
The following table summarizes the rules for password use on import:
| Format | Rule |
|---|---|
| PEM | Optional password on import. To determine, examine the data header. If a password is required, header displays "ENCRYPTED". |
| DER | Never requires a password on import. |
| IIS4 | Probably requires a password on import. If the password was specified as " " on export, leave the argument blank. |
| PKCS #12 | Probably requires a password on import. If the password was specified as " " on export, leave the argument blank. |
| internalCkm | Always requires a password on private key import, never on certificate import. |
config
vSwitch-name ckm import paste
| Field Name | Description |
|---|---|
| keyId text | Specifies the index entry that identifies the certified public key (which becomes your certificate) or private key that you are importing. |
| pairHalf enumeration | Which half of the key pair is being imported (private key or certificate). Valid values:
|
| format enumeration | The key or certificate format, generated by the exporting web server or switch. Valid values:
|
| password passwordText | Optional: An alphanumeric string, 255 or fewer characters, associated with key on export. |
| data mlText | Private key or certificate data. This data was either exported from another system or received back from a CA. |