Cisco ACE Application Control Engine Module

Release Note for the Cisco Application Control Engine Module
OL-22471-01
New Software Features in Version A2(2.0)
Bulk Importing of SSL Certificates and Key Pair Files
The bulk import feature allows you to import multiple SSL certificates and key-pair files at the same 
time. Because this feature imports files with the names that they have on the remote server, consider the 
following:
• The ACE fetches all files on the remote server that match the wildcard criteria. However, it 
imports only files with names that have a maximum of 39 characters. If the name of a file exceeds 
40 characters, the ACE does not import the file and discards it.
• If you attempt to import a file that has the same filename as an existing local file, the ACE does not 
overwrite the existing file. Before importing the updated file, you must either rename the imported 
file or delete the local file.
The crypto import command has been expanded to include a bulk keyword and its options and 
arguments. The syntax of this command is as follows:
crypto import [non-exportable] bulk sftp [passphrase passphrase] ip_addr username remote_path
The keywords, options, and arguments are as follows:
non-exportable—(Optional) Marks the imported file as nonexportable, which means that you 
cannot export the file from the ACE.
bulk—Specifies the importing of multiple certificate or key pair files simultaneously. 
sftp—Specifies the Secure File Transfer Protocol file transfer process. 
passphrase passphrase—(Optional) Indicates that the file was created with a passphrase, which you 
must submit with the file transfer request in order to use the file. The passphrase pertains only to 
encrypted PEM files and PKCS files. The passphrase should apply to all files being imported.
ip_addr—IP address of the remote server. Enter an IP address in dotted-decimal notation (for 
example, 192.168.12.15).
username—Username required to access the remote server. When you execute the command, the 
ACE prompts you for the password of the username on the remote server. Enter a name with a 
maximum of 64 characters. Do not include spaces or the following special characters:
;<>\|‘@$&()
remote_path—Remote path to the certificate or key pair files that reside on the remote server. The 
ACE fetches only files specified by the path; it does not recursively fetch remote directories. Enter 
a filename path including wildcards (for example, /remote/path/*.pem). The ACE supports POSIX 
pattern matching notation, as specified in section 2.13 of the “Shell and Utilities” volume of IEEE 
Std 1003.1-2004. This notation includes the “*”, “?”, and “[” metacharacters.
To fetch all files from a remote directory, specify a remote path that ends with a wildcard character 
(for example, /remote/path/*). Do not include spaces or the following special characters:
;<>\|‘@$&()
Note
After the crypto import bulk command initially executes, pressing Ctrl-C may not cancel it.
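The following Python pre-flight check is an added example, not Cisco code: it applies the rules above (39-character name limit, no overwrite of existing local files, non-recursive fetch, forbidden characters) to a listing of the SFTP directory before you run crypto import bulk. The function names and sample data are hypothetical, and Python's fnmatch stands in for the ACE's POSIX pattern matching.

```python
import fnmatch
import posixpath

MAX_NAME_LEN = 39  # page: only names of at most 39 characters are imported
# Characters the page forbids in username and remote_path, plus the space.
# Assumption: the page's "‘" glyph is a typeset backtick, so both are rejected.
FORBIDDEN = set(";<>\\|‘`@$&() ")


def check_argument(value, max_len=None):
    """Return the problems found in a username or remote_path argument."""
    problems = [f"forbidden character {c!r}" for c in sorted(set(value) & FORBIDDEN)]
    if max_len is not None and len(value) > max_len:
        problems.append(f"longer than {max_len} characters")
    return problems


def plan_bulk_import(remote_path, remote_files, local_names):
    """Sort remote files into those imported, discarded, or blocked."""
    # Assumption: wildcards appear only in the last component of remote_path.
    directory, pattern = posixpath.split(remote_path)
    plan = {"import": [], "too_long": [], "collision": []}
    for path in remote_files:
        parent, name = posixpath.split(path)
        # Non-recursive: only files directly in the named directory are fetched.
        if parent != directory or not fnmatch.fnmatchcase(name, pattern):
            continue
        if len(name) > MAX_NAME_LEN:
            # Conservative: the page is unclear about a name of exactly 40.
            plan["too_long"].append(name)   # fetched, then discarded
        elif name in local_names:
            plan["collision"].append(name)  # existing local file is kept
        else:
            plan["import"].append(name)
    return plan


# Constructed sample data (not from the page).
REMOTE = [
    "/remote/path/www-example.pem",
    "/remote/path/www-example-key.pem",
    "/remote/path/" + "a" * 36 + ".pem",  # 40-character file name
    "/remote/path/archive/old.pem",       # subdirectory, never fetched
    "/remote/path/notes.txt",             # does not match *.pem
]
LOCAL = {"www-example.pem"}

if __name__ == "__main__":
    print(check_argument("cert admin", max_len=64))
    print(plan_bulk_import("/remote/path/*.pem", REMOTE, LOCAL))
```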
The ACE does not execute any crypto commands or the show crypto commands in 
 at the 
same time. See 
 for more information.