Managing Keys and Certificates 397
Nortel WLAN Security Switch 2300 Series Configuration Guide
Installing CA-Signed Certificates from PKCS #12 Object Files
This scenario shows how to use PKCS #12 object files to install public-private key pairs, CA-signed certificates, and CA
certificates for administrative access, 802.1X (EAP) access, and Web AAA access.
1 Set time and date parameters, if not already set. (See “Configuring and Managing Time Parameters” on
page 136.)
2 Obtain PKCS #12 object files from a certificate authority.
3 Copy the PKCS #12 object files to nonvolatile storage on the WSS. Use the following command:
copy tftp://filename local-filename
For example, to copy PKCS #12 files named 2048admn.p12, 20481x.p12, and 2048web.p12 from the
TFTP server at the address 192.168.253.1, type the following commands:
23x0# copy tftp://192.168.253.1/2048admn.p12 2048admn.p12
success: received 637 bytes in 0.253 seconds [ 2517 bytes/sec]
23x0# copy tftp://192.168.253.1/20481x.p12 20481x.p12
success: received 637 bytes in 0.253 seconds [ 2517 bytes/sec]
23x0# copy tftp://192.168.253.1/2048web.p12 2048web.p12
success: received 637 bytes in 0.253 seconds [ 2517 bytes/sec]
4 Enter the one-time passwords (OTPs) for the PKCS #12 object files. The OTP protects the PKCS #12
file.
To enter a one-time password, use the following command:
crypto otp {admin | eap | webaaa} one-time-password
For example:
23x0# crypto otp admin SeC%#6@o%c
OTP set
23x0# crypto otp eap SeC%#6@o%d
OTP set
23x0# crypto otp web SeC%#6@o%e
OTP set
5 Unpack the PKCS #12 object files into the certificate and key storage area on the WSS switch. Use the
following command:
crypto pkcs12 {admin | eap | webaaa} filename
The filename is the location of the file on the WSS switch.
For example:
23x0# crypto pkcs12 admin 2048admn.p12
Unwrapped from PKCS12 file:
keypair
device certificate
CA certificate
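
A workstation-side check for the bundles obtained in step 2, as an added example that is not part of the Nortel guide: it confirms that a PKCS #12 file opens with its OTP, holds the three objects listed in the crypto pkcs12 output above, and that the device certificate verifies against the bundled CA certificate at the current time. It assumes the OpenSSL command line is available on the workstation; the function names, file names and sample password are made up for the example.

```shell
#!/bin/sh
# Added example, not from the Nortel guide. Function names, file names and
# the sample password are assumptions made for this illustration.

# Run "openssl pkcs12" on $P12_FILE. The OTP is passed in the environment
# rather than argv, so it does not show up in the process list.
p12_dump() {
    P12_PASS=$P12_OTP openssl pkcs12 -in "$P12_FILE" -passin env:P12_PASS "$@" 2>/dev/null
}

# p12_inventory FILE OTP
# Prints "keypair=N device_cert=N ca_cert=N chain=ok|FAILED". Returns 0 only
# if the bundle opens with OTP, holds one key pair, one device certificate and
# at least one CA certificate, and the device certificate verifies against the
# bundled CA certificate(s) at the workstation's current time.
p12_inventory() {
    P12_FILE=$1 P12_OTP=$2
    p12_dump -noout || { echo "cannot open $1: wrong OTP or damaged file" >&2; return 1; }
    tmp=$(mktemp -d) || return 1
    # The private key is only counted in a pipe, never written to disk.
    keys=$(p12_dump -nocerts -nodes | grep -c 'BEGIN.*PRIVATE KEY' || true)
    p12_dump -nokeys -clcerts -out "$tmp/dev.pem"   # certificate bound to the key
    p12_dump -nokeys -cacerts -out "$tmp/ca.pem"    # all other (CA) certificates
    dev=$(grep -c 'BEGIN CERTIFICATE' "$tmp/dev.pem" || true)
    ca=$(grep -c 'BEGIN CERTIFICATE' "$tmp/ca.pem" || true)
    chain=FAILED
    openssl verify -CAfile "$tmp/ca.pem" "$tmp/dev.pem" >/dev/null 2>&1 && chain=ok
    rm -rf "$tmp"
    echo "keypair=$keys device_cert=$dev ca_cert=$ca chain=$chain"
    [ "$keys" -eq 1 ] && [ "$dev" -eq 1 ] && [ "$ca" -ge 1 ] && [ "$chain" = ok ]
}

# Build a throwaway CA, device certificate and bundle in directory $1,
# protected with password $2 (constructed sample data only).
make_sample_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj '/CN=Constructed CA' \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj '/CN=constructed-wss' \
        -keyout "$1/dev.key" -out "$1/dev.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/dev.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/dev.crt" 2>/dev/null &&
    P12_PASS=$2 openssl pkcs12 -export -inkey "$1/dev.key" -in "$1/dev.crt" \
        -certfile "$1/ca.crt" -passout env:P12_PASS -out "$1/sample.p12"
}
```

Run p12_inventory once per file (for example on 2048admn.p12 with its OTP) before the TFTP copy in step 3; a non-zero return means the bundle would not yield all three objects or its chain does not verify.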