copy crypto-pki

To back up certificates and private keys over SFTP, TFTP and USB, use the copy crypto-pki command in Privileged EXEC Mode. Private keys and entire configuration backups are encrypted using a user supplied password.

Device to media (SFTP/TFTP/USB)

copy crypto-pki

copy crypto-pki { {file } { <name> } { | all} } { {tftp://server/filename } { | sftp://<user-nam>e>:<pass-word>@server/filename } { | usb} } { [filename } { <filename>] } { [password } { <string (32)>] }

media (SFTP/TFTP/USB) to Device

copy crypto-pki { {<tftp_url> } { | <sftp_url> } { | {usb } { <string(32)>}} } { {private } { | public } { | CA } { | all } } { [ { filename } { <string(32)>}] } { [{password } { <string(32)>}] }

Parameters

Parameter Type Description
file   Enter a Private Key or Certificate file.
name string (32) Enter a name to specify a Private Key or Certificate to be backed up.
all   Enter to back up all certificates.
tftp://server/filename tftp_url Enter a TFTP URL.
sftp://user:pwd@<ip>/filename sftp_url Enter a SFTP URL.
usb   Enter to copy to USB media.
filename   Enter a filename identifier.
<filename> string (32) Enter to specify a name of destination file. Used only for USB.
password   Enter for a password identifier.

Mode

Privileged EXEC Mode

Examples

USB

iS5comm # copy crypto-pki file r1Key.pem usb filename r1key password pass

iS5comm # copy crypto-pki usb r1Key private filename r1Key.pem password pas

iS5comm # copy crypto-pki usb r1Key private password pass

iS5comm # copy crypto-pki file r1Cert.pem usb filename r1C

iS5comm # copy crypto-pki usb r1Cert.pem public filename r1Cert.pem

iS5comm # copy crypto-pki usb r1Cert.pem public

iS5comm # copy crypto-pki all usb filename certificates.conf password pass

iS5comm # copy crypto-pki usb certificates.conf all password pass

iS5comm # copy crypto-pki usb certificates.conf all password pass

iS5comm # copy crypto-pki all usb filename cybsec.conf password pass

SFTP

iS5comm # copy crypto-pki file r1Key.pem sftp://pi:[email protected]/r1key password pass

iS5comm # copy crypto-pki sftp://pi:[email protected]/r1key private filename r1Key.pem password pass

iS5comm # copy crypto-pki sftp://pi:[email protected]/r1key private password pass

iS5comm # copy crypto-pki file r1Cert.pem sftp://pi:[email protected]/r1Cert.pem

iS5comm # copy crypto-pki sftp://pi:[email protected]/r1Cert.pem public

iS5comm # copy crypto-pki sftp://pi:[email protected]/r1Cert.pem public filename r1CertCopy.pem

iS5comm # copy crypto-pki all sftp://pi:[email protected]/cybsec.conf password pass

iS5comm # copy crypto-pki sftp://pi:[email protected]/cybsec.conf all password pass

TFTP

iS5comm # copy crypto-pki file r2Key.pem tftp://10.10.101.3/r2key password pass

iS5comm # copy crypto-pki tftp://10.10.101.3/r2key private filename r2Key.pem password pass

iS5comm # copy crypto-pki tftp://10.10.101.3/r2key private password pass

iS5comm # copy crypto-pki file r2Cert.pem tftp://10.10.101.3/r2Cert.pem

iS5comm # copy crypto-pki tftp://10.10.101.3/r2Cert.pem public

iS5comm # copy crypto-pki tftp://10.10.101.3/r2Cert.pem public filename r2CertCopy.pem

iS5comm # copy crypto-pki all tftp://10.10.101.3/cybsec.conf password pass

iS5comm # copy crypto-pki tftp://10.10.101.3/cybsec.conf all password pass

Parent topic: IPSec Policy Configuration