3Com WX4400 3CRWX440095A User Manual

Creating Keys and Certificates

Installing a Key Pair and Certificate from a PKCS #12 Object File

PKCS object files provide a file format for storing and transferring
data and cryptographic information. (For more information, see
“PKCS #7, PKCS #10, and PKCS #12 Object Files” on page 417.) A
PKCS #12 object file, which you obtain from a CA, includes the private
key, a certificate, and optionally the CA’s own certificate.

After transferring the PKCS #12 file from the CA via FTP and generating a
one-time password to unlock it, you store the file in the WX switch’s
certificate and key store. To set and store a PKCS #12 object file, follow
these steps:

1 Copy the PKCS #12 object file to nonvolatile storage on the WX. Use the
following command:

copy tftp://filename local-filename

2 Enter a one-time password (OTP) to unlock the PKCS #12 object file. The
password must be the same as the password protecting the PKCS #12
file.

The password must contain at least 1 alphanumeric character, with no
spaces, and must not include the following characters:

- Quotation marks (“ ”)
- Question mark (?)
- Ampersand (&)

On a WX that handles communications to or from Microsoft Windows
clients, use a one-time password of 31 characters or fewer.

To enter the one-time password, use the following command:

crypto otp {admin | eap | web} one-time-password

3 Unpack the PKCS #12 object file into the certificate and key storage area
on the WX switch. Use the following command:

crypto pkcs12 {admin | eap | web} filename

The filename is the location of the file on the WX switch.

MSS erases the OTP password entered with the crypto otp command
when you enter the crypto pkcs12 command.
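
The following pre-flight check is an added example, not part of the 3Com manual or MSS. It tests a candidate password against the OTP rules in step 2 before that password is set on the PKCS #12 file, then builds the three commands in the order the steps require. The function names, the sample file name and password, and the rejection of curly quotation marks and non-space whitespace are assumptions.

```python
# Added example: pre-flight check for the PKCS #12 install steps above.
# Rules are the ones stated on this page; function names are hypothetical.

STORES = ("admin", "eap", "web")                 # keywords accepted by crypto otp / crypto pkcs12
FORBIDDEN = {'"', "\u201c", "\u201d", "?", "&"}  # curly quotes included as an assumption
WINDOWS_MAX_LEN = 31                             # limit for a WX that serves Windows clients


def otp_problems(otp, windows_clients=False):
    """Return a list of rule violations; an empty list means the OTP is usable."""
    problems = []
    if not any(c.isascii() and c.isalnum() for c in otp):
        problems.append("needs at least 1 alphanumeric character")
    if any(c.isspace() for c in otp):  # page says "no spaces"; all whitespace is rejected here
        problems.append("must not contain spaces")
    bad = sorted(set(otp) & FORBIDDEN)
    if bad:
        problems.append("forbidden character(s): " + " ".join(bad))
    if windows_clients and len(otp) > WINDOWS_MAX_LEN:
        problems.append("longer than 31 characters (Windows clients)")
    return problems


def install_commands(store, source_url, local_filename, otp, windows_clients=False):
    """Build the three CLI lines in the order the procedure requires."""
    if store not in STORES:
        raise ValueError("store must be one of: " + ", ".join(STORES))
    problems = otp_problems(otp, windows_clients)
    if problems:
        raise ValueError("OTP rejected: " + "; ".join(problems))
    return [
        f"copy {source_url} {local_filename}",
        f"crypto otp {store} {otp}",
        f"crypto pkcs12 {store} {local_filename}",
    ]


if __name__ == "__main__":
    # Constructed sample values, not taken from the manual.
    for line in install_commands("eap", "tftp://eap-bundle.p12", "eap-bundle.p12", "Xk7mQ2vR9t"):
        print(line)
```

The generated lines contain the password in clear text, so treat the output like the password itself.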