It may take several days to receive the certificates. If the certificates arrive by e-mail, save them to an
FTP server. If the CA provides access to the certificates on an FTP server, make note of the path name
and make sure you have a login name and password on the server.
Installing a switch certificate
Perform this procedure on each switch.
1. Connect to the switch and log in as admin.
2. Enter this command:
    switch:admin> seccertutil import
3. Select a protocol, enter the IP address of the host on which the switch certificate is saved, and enter
your login name and password:
    Select protocol [ftp or scp]: ftp
    Enter IP address: 192.10.11.12
    Enter remote directory: path_to_remote_directory
    Enter certificate name (must have ".crt" suffix): 192.1.2.3.crt
    Enter Login Name: your_account
    Enter Password: *****
    Success: imported certificate [192.1.2.3.crt].
    To use this certificate, run the configure command to activate it.
The certificate is downloaded to the switch.
Activating a switch certificate
1. Enter the configure command.
2. When the ssl attributes prompt appears, type y.
3. Respond to the prompts that apply to SSL certificates:
    SSL attributes - Enter y or yes.
    Certificate File - Enter the name of the switch certificate file: for example, 192.1.2.3.crt.
    CA Certificate File - If you want the CA name to be displayed in the browser window, enter the name
    of the CA certificate file; otherwise, skip this prompt.
    Select length of crypto key - Enter the encryption key length (40, 56, or 128).
    HTTP attributes - Enter yes.
    Secure HTTP enabled - Enter yes.
For example:
    Configure...
    System services (yes, y, no, n): [no]
    ssl attributes (yes, y, no, n): [no] yes
    Certificate File. (filename or none): [10.33.13.182.crt] 192.1.2.3.crt
    CA Certificate File. (filename or none): [none]
    Select length of crypto key.
    (Valid values are 40, 56, and 128.): (40..128) [128]
    http attributes (yes, y, no, n): [no] yes
    HTTP Enabled (yes, y, no, n): [yes] no
    Secure HTTP Enabled (yes, y, no, n): [no] yes
After you exit the configure command, the HTTP daemon restarts automatically to handle HTTPS
requests.
Configuring standard security features
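An added example, not part of the original guide: a Python check that parses a captured configure session in the prompt format shown above and reports the settings that leave Web management weakly protected. The function names, the constructed sample session, and the policy applied (128-bit key, Secure HTTP on, plain HTTP off) are assumptions of this example.

```python
import re

# One dialog line: NAME[.] [(hint)]: [(range)] [default] [typed answer]
PROMPT = re.compile(r"(?P<name>[^:(\[]+?)\.?\s*(?:\([^)]*\))?\s*:\s*"
                    r"(?:\([^)]*\)\s*)?\[(?P<default>[^\]]*)\]\s*(?P<answer>\S*)$")
YES_NO = {"y": "yes", "yes": "yes", "n": "no", "no": "no"}

def effective_settings(transcript):
    """Return {prompt name (lower case): value in effect after the session}."""
    # The key-length prompt spans two lines; rejoin it before matching.
    text = re.sub(r"\.?[ \t]*\n[ \t]*\(", " (", transcript)
    settings = {}
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if m:
            # An empty answer means Enter was pressed: the [default] stays.
            value = (m["answer"] or m["default"]).lower()
            settings[m["name"].strip().lower()] = YES_NO.get(value, value)
    return settings

def audit(transcript):
    """List findings for a captured configure session (policy is an assumption)."""
    s, findings = effective_settings(transcript), []
    cert = s.get("certificate file", "none")
    if cert == "none" or not cert.endswith(".crt"):
        findings.append("no switch certificate (.crt) selected")
    if s.get("select length of crypto key") != "128":
        findings.append("crypto key length below 128 bits")
    if s.get("secure http enabled") != "yes":
        findings.append("Secure HTTP (HTTPS) is not enabled")
    if s.get("http enabled") == "yes":
        findings.append("plain HTTP management is still enabled")
    return findings

# Constructed sample: key length lowered, no certificate, HTTPS left off.
WEAK = """\
Configure...
ssl attributes (yes, y, no, n): [no] y
Certificate File. (filename or none): [none]
Select length of crypto key.
(Valid values are 40, 56, and 128.): (40..128) [128] 56
http attributes (yes, y, no, n): [no]
HTTP Enabled (yes, y, no, n): [yes]
Secure HTTP Enabled (yes, y, no, n): [no]
"""

if __name__ == "__main__":
    for finding in audit(WEAK):
        print("FINDING:", finding)
```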