Thanks for the tip, but it turns out that my problem wasn't about syntax but method. Pasting all of the parts of a certificate into the configuration and comitting doesn't actually "install" a certificate, or so I've learned. Rather than pasting it in, TAC informs me that I must exit configuration mode and import the certificate as below: scp import certificate source-ip <scp server IP> remote-port <scp server port> from <user>@<scp server>:<path><filename> format <pem|pkcs12> [passphrase <pass phrase>] certificate-name <name> Whe the certificate is imported, that invalid syntax line magically materializes in the show output.
... View more