PKI IMPORT

Level

pki+modify

History

Appears in Netasq 9 0 0
global appears in 3 7 0
usb appears in 3 9 0
tpm appears in 3 10 0
usb disappears in 4 0 0
force behavior changed in 4 1 0

Description

Import an item into the PKI (The global PKI cannot import requests nor private keys ) If an existing certificate is to be replaced and no tpm parameter is given, the same security level is used

Implementation notes

Used by SMC, so report to them whenever changes CACHE_CATEGORY pki

Usage

format=<p12|pem|der>
type=<req|cert|pkey|crl|ca|all>
[password=<pass>]
[force=<0|1>]
[global=<0|1>]
[tpm=<none|ondisk>]
- none: Do not use a TPM
- ondisk: Store the private key on disk but encrypts it with a symmetric key on the TPM Requires a firewall with a TPM chip
If force=1 is used and the certificate already exists, replace the old certificate
If force=0 or isn't specified and the certificate already exists, do not import the certificate