3Com WX2200 3CRWX220095A Switch User Manual

Creating Keys and Certificates 423
Installing a Key Pair
and Certificate from a
PKCS #12 Object File
PKCS object files provide a file format for storing and transferring storing
data and cryptographic information. (For more information, see
“PKCS #7, PKCS #10, and PKCS #12 Object Files” on page 417.) A
PKCS #12 object file, which you obtain from a CA, includes the private
key, a certificate, and optionally the CA’s own certificate.
After transferring the PKCS #12 file from the CA via FTP and generating a
one-time password to unlock it, you store the file in the WX switch’s
certificate and key store. To set and store a PKCS #12 object file, follow
these steps:
1 Copy the PKCS #12 object file to nonvolatile storage on the WX. Use the
following command:
copy tftp://filename local-filename
2 Enter a one-time password (OTP) to unlock the PKCS #12 object file. The
password must be the same as the password protecting the PKCS #12
The password must contain at least 1 alphanumeric character, with no
spaces, and must not include the following characters:
Quotation marks (““)
Question mark (?)
Ampersand (&)
On a WX that handles communications to or from Microsoft Windows
clients, use a one-time password of 31 characters or fewer.
To enter the one-time password, use the following command:
crypto otp {admin | eap | web} one-time-password
3 Unpack the PKCS #12 object file into the certificate and key storage area
on the WX switch. Use the following command:
crypto pkcs12 {admin | eap | web} filename
The filename is the location of the file on the WX switch.
MSS erases the OTP password entered with the crypto otp command
when you enter the crypto pkcs12 command.