Importing Certificate And Rsa Key Pairs From Backup Using Fabric Manager; Importing Certificate And Rsa Key Pairs From Backup Using The Cli - Cisco 9134 - MDS Multilayer Fabric Switch Troubleshooting Manual


Chapter 24
Troubleshooting Digital Certificates
Send documentation comments to mdsfeedback-doc@cisco.com

Importing Certificate and RSA Key Pairs from Backup Using Fabric Manager

To import certificates and RSA key pairs from a PKCS#12 backup file using Fabric Manager, follow these steps:

Step 1  Choose Switches > Security > PKI and select the TrustPointDetails tab to verify that the trust point is empty.

Step 2  Optionally, follow these steps to empty the trust point:
  a. Choose Switches > Security > PKI and select the TrustPoint tab.
  b. Delete the RSA key pair from the Key Pair Name field and click Apply Changes.
  c. Choose Switches > Security > PKI and select the TrustPoint Actions tab.
  d. Select cadelete from the Command drop-down menu and click Apply Changes to delete the CA certificate.
  e. Select forcecertdelete from the Command drop-down menu and click Apply Changes to delete the identity certificates.

Step 3  In Device Manager, choose Admin > Flash Files and select Copy to copy the PKCS#12 format file to the switch bootflash.

Step 4  In Fabric Manager, choose Switches > Security > PKI and select the TrustPoint Actions tab.

Step 5  Select the pkcs12import option from the Command drop-down menu to import the key pair, identity certificate, and the CA certificate or certificate chain in PKCS#12 format to the selected trust point.

Step 6  Enter the input in bootflash:filename format, for the PKCS#12 file.

Step 7  Enter the required password. The password is set for decoding the PKCS#12 data. On completion, the imported data is available in bootflash in the specified file.

Step 8  Click Apply Changes to save the changes.

On completion the trust point is created in the RSA key pair table corresponding to the imported key pair. The certificate information is updated in the trust point.

Note  The trust point should be empty (no RSA key pair associated with it and no CA is associated with it using CA authentication) for the PKCS#12 import to succeed.

Importing Certificate and RSA Key Pairs from Backup Using the CLI

To import certificates and RSA key pairs from a PKCS#12 backup file using the CLI, follow these steps:

Step 1  Use the show crypto ca trustpoints command to verify that the trust point is empty.

Step 2  Optionally, use the delete ca-certificate command in trust point config submode to remove the CA certificate from the trust point.

  switch(config)# crypto ca trustpoint myCA
  switch(config-trustpoint)# delete ca-certificate

OL-9285-05
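
Both procedures import whatever the PKCS#12 file contains, so it helps to confirm on an admin workstation, before copying the file to bootflash, that it decodes with the expected password and holds the key pair, an unexpired identity certificate and a CA certificate. The script below is an added example, not part of the Cisco guide; it assumes OpenSSL is installed, and the function names, the P12_PASS variable and the sample file names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the Cisco guide. Run on a workstation with OpenSSL.
# The passphrase comes from the P12_PASS environment variable so it never
# appears on a command line. With OpenSSL 3.x, bundles written with older
# ciphers may also need the -legacy option.

# p12_check FILE: prints "ok key=1 certs=N" when the bundle decodes, holds one
# private key, an unexpired identity certificate and at least one CA certificate.
p12_check() {
    pem=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nodes 2>/dev/null) || {
        echo "fail: cannot decode (wrong password or damaged file)"; return 1; }
    keys=$(printf '%s\n' "$pem" | grep -c 'BEGIN.*PRIVATE KEY' || true)
    certs=$(printf '%s\n' "$pem" | grep -c 'BEGIN CERTIFICATE' || true)
    [ "$keys" -eq 1 ] || { echo "fail: expected 1 private key, found $keys"; return 1; }
    [ "$certs" -ge 2 ] || { echo "fail: no CA certificate in the bundle"; return 1; }
    # -clcerts limits the output to the identity certificate matching the key.
    openssl pkcs12 -in "$1" -passin env:P12_PASS -clcerts -nokeys 2>/dev/null |
        openssl x509 -noout -checkend 0 >/dev/null 2>&1 || {
        echo "fail: identity certificate has expired"; return 1; }
    echo "ok key=$keys certs=$certs"
}

# make_sample DIR: constructed test data only. Builds a throwaway CA, an
# identity certificate signed by it, and DIR/backup.p12 holding all three parts.
make_sample() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=switch.example.test" \
        -keyout "$d/id.key" -out "$d/id.csr" 2>/dev/null
    openssl x509 -req -in "$d/id.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/id.pem" 2>/dev/null
    openssl pkcs12 -export -inkey "$d/id.key" -in "$d/id.pem" \
        -certfile "$d/ca.pem" -passout env:P12_PASS -out "$d/backup.p12"
}

# Usage: P12_PASS='...' sh p12_check.sh backup.p12
if [ "$#" -ge 1 ]; then p12_check "$1"; fi
```

A "fail" result on the workstation points at the backup file itself rather than at the state of the trust point on the switch.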
Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x
Digital Certificate Issues
