Siemens RUGGEDCOM ROX II User Manual page 220

Chapter 6
Security
Section 6.8.4.3
Adding a CA Certificate and CRL
To add a certificate issued by a Certified Authority (CA) and its associated Certificate Revocation List (CRL), do the
following:
NOTE
Only admin users can read/write certificates and keys on the device.
1. Enable auto-wizard by typing:
autowizard true
2. Make sure the CLI is in Configuration mode.
NOTE
Before inserting the contents of the certificate, enter multi-line mode by pressing Esc+m. Press Ctrl
+d to exit multi-line mode after the certificate has been added.
3. Add the CA certificate by typing:
security crypto ca certificate key-cert-sign-certificate contents
Where:
• certificate is the name of the certificate
• contents is the contents of the certificate
4. Add the associated Certificate Revocation List (CRL).
NOTE
Large CRLs (bigger than 100KB) are not currently supported and may be difficult to add/view in the
configuration.
NOTE
Before inserting the contents of the CRL, enter multi-line mode by pressing Esc+m. Press Ctrl+d to
exit multi-line mode after the CRL has been added.
• If the CRL is signed by a separate certificate, type:
security crypto ca certificate crl-sign-certificate contents
Where:
▫ certificate is the name of the certificate
▫ contents is the contents of the signed CRL
• If the CRL is not signed, type:
security crypto ca certificate crl contents
Where:
▫ certificate is the name of the certificate
▫ contents is the contents of the CRL
Type commit and press Enter to save the changes, or type revert and press Enter to abort.
5.
174
RUGGEDCOM ROX II
CLI User Guide
Adding a CA Certificate and CRL