Signing The Tcl Scripts - Cisco Catalyst 2960 series Configuration Manual

How to Configure Signed Tcl Scripts
Email Address []:janedoe@company.com
Step 2
ls -l
This command displays detailed information about each file in the current directory, including the permissions, owners,
size, and when last modified.
Example:
Host% ls -l
total 24
-rw-r--r--
-rw-r--r--
-rw-r--r--
The cert.pem file contains the X.509 certificate created using the openssl req command.

Signing the Tcl Scripts

Perform this task to sign the Tcl scripts. You will need to sign the Tcl file and output in OpenSSL document
in pkcs7 (PKCS#7) format.
To sign the Tcl file, use the openssl smime command with the -sign keyword.
SUMMARY STEPS
1. openssl smime -sign -in tcl-file -out signed-tcl-file -signer certificate-file -inkey private-key-file -outform
DER -binary
2. ls -l
DETAILED STEPS
Step 1
openssl smime -sign -in tcl-file -out signed-tcl-file -signer certificate-file -inkey private-key-file -outform DER
-binary
This command signs the Tcl filename tcl-file using the certificate stored in certificate-file and the private key stored in
private-key-file file and then writes the signed Tcl file in DER PKCS#7 format to the signed-tcl-filefile.
Example:
Host% openssl smime -sign -in hello -out hello.pk7 -signer cert.pem -inkey privkey.pem -outform DER
-binary
Step 2
ls -l
This command displays detailed information about each file in the current directory, including the permissions, owners,
size, and when last modified.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1830
1 janedoe eng12 1659 Jun 12 15:01 cert.pem
1 janedoe eng12 1679 Jun 12 14:55 privkey.pem
1 janedoe eng12 451 Jun 12 14:57 pubkey.pem