protocol ssl bulk-export password
Exports the current SSL configuration, keys, and certificates.
Syntax
protocol ssl bulk-export password <password> [include-servers] [incl-scep-crl]
Parameters
<password> | Password used to encrypt exported data. |
include-servers | Includes server certificates and keys. If you include this parameter, the data includes the peering certificate, key, all certificate authorities, and all peering trust entities. In addition, it contains all the back-end server configurations (certificates, keys, and so on). Important: To protect your server’s private keys, do not include this keyword when performing bulk exports of peers. |
incl-scep-crl | Includes Simple Certificate Enrollment Protocol (SCEP) and Certificate Revocation List (CRL) configuration. |
Usage
Use bulk-export to expedite backup and peer trust configurations:
• Backup - You can use the bulk export feature to back up your SSL configurations, including your server configurations and private keys.
• Peer Trust - If you use self-signed peering certificates and have multiple SteelHeads (including multiple server-side appliances), you can use the bulk import feature to avoid configuring each peering trust relationship between the pairs of SteelHeads.
To protect your server private keys, do not include server configurations (for example, Certificates and Keys) when performing bulk exports of trusted peers.
The following rules apply to bulk data when importing and exporting the data:
• Peering Certificate and Key Data - If the serial numbers match, the SteelHead importing the bulk data overwrites its existing peering certificates and keys with that bulk data. If the serial numbers do not match, the SteelHead importing the bulk data does not overwrite its peering certificate and key.
• Certificate Authority, Peering Trust, and SSL Server Configuration Data - For all other configuration data such as certificate authorities, peering trusts, and server configurations (if included), if there is a conflict, the imported configuration data take precedence (that is, the imported configuration data overwrites any existing configurations).
Example
amnesiac (config) # protocol ssl bulk-export password foo_pass include-servers
U2FsdGVkX1/GM9EmJ0O9c1ZXh9N18PuxiAJdG1maPGtBzSrsU/CzgNaOrGsXPhor
VEDokHUvuvzsfvKfC6VnkXHOdyAde+vbMildK/lxrqRsAD1n0ezFFuobYmQ7a7uu
TmmSVDc9jL9tIVhd5sToRmeUhYhEHS369ubWMWBZ5rounu57JE6yktECqo7tKEVT
DPXmF1BSbnbK+AHZc6NtyYP3OQ88vm9iNySOHGzJ17HvhojzWth5dwNNx28I8GDS
zCmkqlaNX6vI3R/9KmtIR/Pk6QCfQ0sMvXLeThnSPnQ6wLGctPxYuoLJe0cTNlVh
r3HjRHSKXC7ki6Qaw91VDdTobtQFuJUTvSbpKME9bfskWlFh9NMWqKEuTJiKC7GN
[partial example]
Product
SteelHead CX, SteelHead EX, SteelHead-v, SteelHead-c
Related Commands