Installing A Key Pair And Certificate From A Pkcs #12 Object File - D-Link DWS-1008 - AirPremier MobileLAN Switch Product Manual

Installing a Key Pair and Certificate from a PKCS #12
PKCS object files provide a file format for storing and transferring storing data and cryptographic
information. (For more information, see "PKCS #7, PKCS #10, and PKCS #12 Object Files".) A PKCS
#12 object file, which you obtain from a CA, includes the private key, a certificate, and optionally the
CA's own certificate.
After transferring the PKCS #12 file from the CA via FTP and generating a one-time password to unlock
it, you store the file in the switch's certificate and key store. To set and store a PKCS #12 object file,
follow these steps:
1. Copy the PKCS #12 object file to nonvolatile storage on the switch. Use the following
command:
copy tftp://filename local-filename
2. Enter a one-time password (OTP) to unlock the PKCS #12 object file. The password must
be the same as the password protecting the PKCS #12 file.
The password must contain at least 1 alphanumeric character, with no spaces, and must
not include the following characters:
• Quotation marks ("")
• Question mark (?)
• Ampersand (&)
Note: On a switch that handles communications to or from Microsoft Windows
use a one-time password of 31 characters or fewer.
To enter the one-time password, use the following command:
crypto otp {admin | eap | web} one-time-password
3. Unpack the PKCS #12 object file into the certificate and key storage area on the switch.
Use the following command:
crypto pkcs12 {admin | eap | web} filename
The filename is the location of the file on the switch.
Note: MSS erases the OTP password entered with the crypto otp command when you
enter the crypto pkcs12 command.
D-Link DWS-1008 User Manual
Object File
clients,
®