User manual
Software Authentication Manager Commands on Cisco IOS XR Software
sam add certificate
SR-209
Cisco IOS XR System Security Command Reference
requires user authentication. Another example is acquiring the certificate from a person or entity that
you can verify, such as by checking the identification badge for a person. If you bypass the validation
protection offered by the SAM, you must verify the identity and integrity of the certificate by some other
valid process.
Certificates added to the memory (mem) location validate software installed in memory. Certificates
added to the disk0 or disk1 location validate software installed on those devices, respectively.
Note If the sam add certificate command fails with a message indicating that the certificate has expired, the
networking device clock may have been set incorrectly. Use the show clock command to determine if
the clock is set correctly.
Examples The following example shows how to add the certificate found at /bootflash/ca.bin to the certificate table
in the root location without first validating the certificate:
RP/0/RP0/CPU0:router# sam add certificate /bootflash/ca.bin root trust
SAM: Successful adding certificate /bootflash/ca.bin
The following example shows how to add the certificate found at /bootflash/css.bin to the certificate
table in the memory (mem) location after validating the certificate:
RP/0/RP0/CPU0:router# sam add certificate /bootflash/css.bin mem untrust
SAM: Successful adding certificate /bootflash/css.bin
Related Commands Command Description
sam delete certificate Deletes a certificate from the certificate table.
show sam certificate Displays records in the certificate table, including the location of the
certificates.
show clock Displays networking device clock information.