Importing CA Certificate; Porting the Certificate Onto Another Switch; Create a Keypair and Associate It to a Trustpoint - Motorola WS5100 Series Migration Guide


2. Generate a certificate request for the trustpoint external.
WS5100(config)#crypto pki enroll external request
This generates a certificate request.
3. Send the request to the specified FTP server and get it signed by an appropriate CA (a Windows 2003 Server will also do).
WS5100(config)#crypto pki export external request ftp://<user:password>@IP/Path/File
4. Import the signed certificate onto the WS5100 switch through either FTP or TFTP.
WS5100(config)#crypto pki import external certificate ftp://<user:password>@IP/Path/servcert.pem
If the certificate is valid and matches the key, it is imported successfully. The certificate can be imported in either PEM or DER format from the specified URL.

8.2.3 Importing CA Certificate

A CA certificate can be associated either with an existing trustpoint that already has a server certificate associated with it, or with a new trustpoint.
A CA certificate can be imported to the trustpoint 'external':
WS5100(config)#crypto pki authenticate external ftp://<user:password>@IP/Path/cacert.pem
Where cacert.pem is the CA certificate. The CA certificate can be imported in either PEM or DER format from the specified URL.
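
Step 4 imports the certificate only if it is valid and matches the key, and 8.2.3 then loads the CA certificate. The following workstation-side check is an added example, not part of the Motorola guide: it uses OpenSSL to confirm, before the files are pushed to the switch, that the signed certificate carries the same public key as the request and verifies against the CA certificate, in either PEM or DER encoding. The file names request.pem, servcert.der and other.pem and all function names are assumptions, and the demo data is constructed.

```shell
#!/bin/sh
# Pre-import check for the files exchanged in steps 2-4 and section 8.2.3.
# Run on an admin workstation with OpenSSL; every file name here is an assumption.

# The switch accepts PEM or DER, so detect the encoding rather than trust the extension.
fmt_of() { if grep -q -- '-----BEGIN' "$1"; then echo PEM; else echo DER; fi; }

# Public key of a request ($1=req) or certificate ($1=x509), printed as PEM.
pubkey_of() { openssl "$1" -in "$2" -inform "$(fmt_of "$2")" -noout -pubkey 2>/dev/null; }

to_pem() { openssl x509 -in "$1" -inform "$(fmt_of "$1")" -outform PEM 2>/dev/null; }

# $1 = certificate request, $2 = signed certificate, $3 = CA certificate
check_import() {
    want=$(pubkey_of req "$1"); got=$(pubkey_of x509 "$2")
    if [ -z "$want" ] || [ "$want" != "$got" ]; then
        echo "MISMATCH: certificate public key differs from the request"; return 1
    fi
    tmp=$(mktemp -d) || return 2
    rc=0   # openssl verify wants PEM input, so normalise both certificates first
    to_pem "$2" > "$tmp/cert.pem" && to_pem "$3" > "$tmp/ca.pem" &&
        openssl verify -CAfile "$tmp/ca.pem" "$tmp/cert.pem" >/dev/null 2>&1 || rc=1
    rm -rf "$tmp"
    [ "$rc" -eq 0 ] || { echo "UNTRUSTED: certificate does not verify against the CA"; return 1; }
    echo "ok"
}

# Constructed sample data: throwaway CA, request, DER certificate, unrelated certificate.
make_demo() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/ca.key" -out "$1/cacert.pem" \
        -subj "/CN=Demo CA" -days 1 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1/sw.key" -out "$1/request.pem" \
        -subj "/CN=switch.example" 2>/dev/null
    openssl x509 -req -in "$1/request.pem" -CA "$1/cacert.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -outform DER -out "$1/servcert.der" 2>/dev/null
    # Self-signed certificate for a different key, to exercise the mismatch path.
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/other.key" -out "$1/other.pem" \
        -subj "/CN=switch.example" -days 1 2>/dev/null
}

if [ "$#" -eq 3 ]; then
    check_import "$@"
else
    d=$(mktemp -d) && make_demo "$d"
    check_import "$d/request.pem" "$d/servcert.der" "$d/cacert.pem" || true
    check_import "$d/request.pem" "$d/other.pem" "$d/cacert.pem" || true
    rm -rf "$d"
fi
```

Run with three arguments (request, signed certificate, CA certificate) to check real files; with no arguments it runs against the constructed demo data.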

8.2.4 Porting the Certificate Onto Another Switch

A key pair can be generated separately and can be exported, imported and assigned to a trustpoint. The following use case explains how a certificate is ported to another switch.

8.2.4.1 Create a Keypair and Associate it to a Trustpoint

Create key pair key1 and associate it to trustpoint tpt1. Generate a certificate request for the trustpoint and get the request signed by a certificate authority. Next, import the signed server certificate and export the key that is associated to the trustpoint tpt1.
To port the same server certificate onto another switch, import the key and certificate onto the other switch as specified in Importing the Certificate to Another Switch.
1. Generate an RSA key pair.
WS5100(config)#crypto key generate rsa key1 1024
WS5100(config)#show crypto key mypubkey rsa
Keypair <name> Configured
************************************************
key1