Filter
Top Products
462 Managing keys and certificates
NN47250-500 (320657-F Version 02.01)
Installing CA-signed certificates from PKCS #12 object files
This scenario shows how to use PKCS #12 object files to install public-private key pairs, CA-signed certificates, and CA
certifies for administrative access, 802.1X (EAP) access, and Web-based AAA access.
1 Set time and date parameters, if not already set. (See “Configuring and managing time parameters”
(page 139).)
2 Obtain PKCS #12 object files from a certificate authority.
3 Copy the PKCS #12 object files to nonvolatile storage on the WSS. Use the following command:
copy tftp://filename local-filename
For example, to copy PKCS #12 files named 2048admn.p12, 20481x.p12, and 2048web.p12 from the
TFTP server at the address 192.168.253.1, type the following commands:
WSS# copy tftp://192.168.253.1/2048admn.p12 2048admn.p12
success: received 637 bytes in 0.253 seconds [ 2517 bytes/sec]
WSS# copy tftp://192.168.253.1/20481x.p12 20481x.p12
success: received 637 bytes in 0.253 seconds [ 2517 bytes/sec]
WSS# copy tftp://192.168.253.1/2048web.p12 2048web.p12
success: received 637 bytes in 0.253 seconds [ 2517 bytes/sec]
4 Enter the one-time passwords (OTPs) for the PKCS #12 object files. The OTP protects the PKCS #12 file.
To enter a one-time password, use the following command:
crypto otp {admin | eap | web} one-time-password
For example:
WSS# crypto otp admin SeC%#6@o%c
OTP set
WSS# crypto otp eap SeC%#6@o%d
OTP set
WSS# crypto otp web SeC%#6@o%e
OTP set
5 Unpack the PKCS #12 object files into the certificate and key storage area on the WSS. Use the following
command:
crypto pkcs12 {admin | eap | web} filename
The filename is the location of the file on the WSS.
For example:
WSS# crypto pkcs12 admin 2048admn.p12
Unwrapped from PKCS12 file:
keypair
device certificate
CA certificate