390 Managing Keys and Certificates
320657-A
Installing a Key Pair and Certificate from a PKCS #12 Object File
PKCS object files provide a file format for storing and transferring data and cryptographic information. (For
more information, see “PKCS #7, PKCS #10, and PKCS #12 Object Files” on page 385.) A PKCS #12 object file, which
you obtain from a CA, includes the private key, a certificate, and optionally the CA’s own certificate.
After transferring the PKCS #12 file from the CA through FTP and generating a one-time password to unlock it, you
store the file in the WSS switch’s certificate and key store. To set and store a PKCS #12 object file, follow these steps:
1 Copy the PKCS #12 object file to nonvolatile storage on the WSS. Use the following command:
copy tftp://filename local-filename
2 Enter a one-time password (OTP) to unlock the PKCS #12 object file. The password must be the same as
the password protecting the PKCS #12 file.
The password must contain at least 1 alphanumeric character, with no spaces, and must not include the
following characters:
Quotation marks (“”)
Question mark (?)
Ampersand (&)
To enter the one-time password, use the following command:
crypto otp {admin | eap | webaaa} one-time-password
3 Unpack the PKCS #12 object file into the certificate and key storage area on the WSS switch. Use the
following command:
crypto pkcs12 {admin | eap | webaaa} filename
The filename is the location of the file on the WSS switch.
Note. On a WSS that handles communications to or from Microsoft Windows
clients, use a one-time password of 31 characters or fewer.
Note. WSS Software erases the OTP password entered with the crypto otp
command when you enter the crypto pkcs12 command.
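
The one-time password has to match the password that protects the PKCS #12 file, so it is worth checking a candidate against the rules in step 2 before the file is created. The following is an added example, not part of the manual or of WSS Software. It assumes that "alphanumeric" means ASCII letters and digits, that "quotation marks" covers straight and typographic double quotes, and that "spaces" means the space character; the function names and the symbol set used by the generator are hypothetical.

```python
import secrets
import string

# Assumptions (not from the manual): ASCII alphanumerics, straight and
# typographic double quotes, and the plain space character.
FORBIDDEN = {'"': "quotation mark", "\u201c": "quotation mark",
             "\u201d": "quotation mark", "?": "question mark",
             "&": "ampersand", " ": "space"}
ALNUM = string.ascii_letters + string.digits
WINDOWS_MAX_LEN = 31  # limit the manual gives for Microsoft Windows clients


def otp_violations(password, windows_clients=False):
    """Return a list of rule violations; an empty list means acceptable."""
    problems = []
    if not any(ch in ALNUM for ch in password):
        problems.append("needs at least 1 alphanumeric character")
    # Report each forbidden kind once, in a stable order.
    for kind in sorted({FORBIDDEN[ch] for ch in password if ch in FORBIDDEN}):
        problems.append("contains forbidden character: " + kind)
    if windows_clients and len(password) > WINDOWS_MAX_LEN:
        problems.append("longer than 31 characters (Windows clients)")
    return problems


def generate_otp(length=24):
    """Generate a random password that satisfies every rule above."""
    if not 1 <= length <= WINDOWS_MAX_LEN:
        raise ValueError("length must be between 1 and 31")
    alphabet = ALNUM + "-_."  # hypothetical symbol set, none of it forbidden
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Retry in the rare case that only symbols were drawn.
        if not otp_violations(candidate, windows_clients=True):
            return candidate


if __name__ == "__main__":
    # Constructed sample passwords, not values from the manual.
    for sample in ["s3cret&key", "what now?", "-----", "A" * 32, "Xy7-unlock"]:
        print(repr(sample), otp_violations(sample, windows_clients=True))
    print("generated:", generate_otp())
```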