Importing an IKEv2 Digital Certificate
1. Import the CA certificate file.
2. Import the host key file.
3. Import the host certificate file.
Generating an IKEv2 Digital Certificate
1. Create an HTTPS certificate defining the information you want to be used in the
various fields.
2. Save the HTTPS certificate.
© Copyright Lenovo 2015
To import an IKEv2 digital certificate for authentication:
CN4093(config)# copy tftp cacert address <hostname or IPv4 address>
Source file name: <path and filename of CA certificate file>
Port type ["DATA"/"MGT"]: >
Confirm download operation [y/n]: y
CN4093(config)# copy tftp hostkey address <hostname or IPv4 address>
Source file name: <path and filename of host private key file>
Port type ["DATA"/"MGT"]: >
Confirm download operation [y/n]: y
CN4093(config)# copy tftp hostcert address <hostname or IPv4 address>
Source file name: <path and filename of host certificate file>
Port type ["DATA"/"MGT"]: >
Confirm download operation [y/n]: y
Note: When prompted for the port to use for download the file, if you used a
management port to connect the switch to the server, enter mgt, otherwise enter
data.
To create an IKEv2 digital certificate for authentication:
CN4093(config)# access https generatecertificate
Country Name (2 letter code) []:
State or Province Name (full name) []:
Locality Name (eg, city) []:
Organization Name (eg, company) []:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email (eg, email address) []:
Confirm generat'eywing certificate? [y/n]: y
Generating certificate. Please wait (approx 30 seconds)
restarting SSL agent
The certificate is valid only until the switch is rebooted. To save the certificate so
that it is retained beyond reboot or power cycles, use the following command:
CN4093(config)# access https savecertificate
<country code>
<state>
<city>
<company>
<org. unit>
<name>
<email address>
Chapter 26: Using IPsec with IPv6
379