To load a Trust Anchor Certificate against a TA Profile, execute the following command.
|
|
NOTE: The TA profile must exist for the command to succeed. |
|
|
Syntax:
copy sftp ta-certificate
ta-profile-name
ip-addr/ipv6-addr|host-name-str user <user-name>|username@ip-strport <TCP-port> FILE-NAME
Syntax:
Copy a Trust Anchor (TA) certificate to the device using TFTP:
Copy a Trust Anchor (TA) certificate to the device using SFTP:
copy sftp local-certificate [
Cert-Name
] [<ip-addr/ipv6-addr/host-name-str>] [user <user-name>] [username@ip-str <filename>]The file is checked immediately upon completion of transfer and results written to the CLI. The file can be in PEM-encoded or DER-encoded (binary) PKCS#7 format. If the certificate subject matches an existing TA certificate associated with the specified TA profile, then the new certificate updates the existing certificate.
Any certificate which is a root or intermediate certificate will be accepted as a TA certificate. There is no check for the subject.