PKI IMPORT

Level

pki,modify

History

Appears in Netasq 9.0.0
global appears in 3.7.0
usb appears in 3.9.0
tpm appears in 3.10.0
usb disappears in 4.0.0
force behavior changed in 4.1.0
shortname appears in 4.4.0
type behavior changed in 4.4.0

Description

Import an item into the PKI. The global PKI cannot import requests or private keys. If an existing certificate is to be replaced and no tpm parameter is given, the same security level is used.

Usage

format=<p12|pem|der>
type=<req|cert|pkey|crl|ca|all>
[password=<pass>]
[shortname=<name>]
[force=<0|1>]
[global=<0|1>]
[tpm=<none|ondisk>]
- none: Do not use a TPM
- ondisk: Store the private key on disk but encrypt it with a symmetric key on the TPM. Requires a firewall with a TPM chip.
If force=1 is used and the certificate already exists, the old certificate is replaced.
If force=0 or force is not specified and the certificate already exists, the certificate is not imported.
If shortname is present, the imported file must contain no more than a single cert or req.
Several types can be specified in a comma-separated list.
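
A pre-import check of a PEM file against the constraints stated above (global PKI restrictions and the shortname rule). This is an added example, not part of the vendor documentation; the function names, the PEM-label-to-type mapping and the reading of "no more than a single cert or req" as a combined count are assumptions.

```python
import re

# PEM labels mapped to the type= values from the Usage section. Assumption:
# a CERTIFICATE block is counted as "cert"; telling cert from ca needs X.509 parsing.
LABEL_TO_TYPE = {
    "CERTIFICATE": "cert",
    "CERTIFICATE REQUEST": "req",
    "NEW CERTIFICATE REQUEST": "req",
    "PRIVATE KEY": "pkey",
    "ENCRYPTED PRIVATE KEY": "pkey",
    "RSA PRIVATE KEY": "pkey",
    "EC PRIVATE KEY": "pkey",
    "X509 CRL": "crl",
}
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)

def count_items(pem_text):
    """Count PEM blocks per PKI IMPORT type; unknown labels are kept visible."""
    counts = {}
    for label in PEM_BEGIN.findall(pem_text):
        kind = LABEL_TO_TYPE.get(label, "unknown:" + label)
        counts[kind] = counts.get(kind, 0) + 1
    return counts

def preflight(pem_text, shortname=None, global_pki=False):
    """Return a list of reasons the file conflicts with the documented rules."""
    counts = count_items(pem_text)
    problems = []
    if not counts:
        problems.append("no PEM blocks found")
    if global_pki:  # the global PKI cannot import requests nor private keys
        for kind in ("req", "pkey"):
            if counts.get(kind):
                problems.append(f"global=1 cannot import {kind} ({counts[kind]} found)")
    if shortname is not None:  # assumption: cert and req are counted together
        n = counts.get("cert", 0) + counts.get("req", 0)
        if n > 1:
            problems.append(f"shortname given but file holds {n} cert/req items")
    return problems

def sample_block(label):
    """Constructed PEM-shaped block with a placeholder body (not real key material)."""
    return f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n"

# Constructed sample: two certificates and one private key in a single file.
SAMPLE = sample_block("CERTIFICATE") * 2 + sample_block("PRIVATE KEY")

if __name__ == "__main__":
    for problem in preflight(SAMPLE, shortname="web", global_pki=True):
        print("refuse:", problem)
```

An empty list from preflight means the file does not conflict with the two rules checked; it does not validate the certificate contents or the password.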