Confirming Ca Authentication - Cisco AP775A - Nexus Converged Network Switch 5010 Configuration Manual

Chapter 43 Configuring Certificate Authorities and Digital Certificates
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
From the Command field drop-down menu, select the appropriate option. Available options are caauth,
Step 3
cadelete, certreq, certimport, certdelete, pkcs12import, and pkcs12export. The caauth option is
provided to authenticate a CA and install its CA certificate or certificate chain in a trust point.
Click the Browse button in the URL field and select the appropriate import certificate file from the
Step 4
Bootflash Files dialog box. It is the file name containing the CA certificate or chain in the
bootflash:filename format.
Note
Note
Click Apply Changes to save the changes.
Step 5
Authentication is then confirmed or not confirmed depending on whether or not the certificate can be
accepted after manual verification of its fingerprint.
Note For subordinate CA authentication, the full chain of CA certificates ending in a self-signed CA is
required because the CA chain is needed for certificate verification as well as for PKCS#12 format
export.

Confirming CA Authentication

As mentioned in step 5 of
to be followed by CA confirmation in order to accept the CA certificate based on its fingerprint
verification.
To confirm CA authentication using Fabric Manager, follow these steps:
Expand Switches > Security and then select PKI in the Physical Attributes pane.
Step 1
Click the Trust Point Actions tab in the Information Pane.
Step 2
Make a note of the CA certificate fingerprint displayed in the IssuerCert FingerPrint column for the trust
Step 3
point row in question. Compare the CA certificate fingerprint with the fingerprint already communicated
by the CA (obtained from the CA web site).
If the fingerprints match exactly, accept the CA with the certconfirm command in the Command
drop-down menu. Otherwise, reject the CA with the certnoconfirm command.
Step 4 If you selected certconfirm in step 3, click Command and select the certconfirm action from the
drop-down menu. Click Apply Changes.
If you selected certnoconfirm in step 3, click Command and select the certnoconfirm action
drop-down menu. Click Apply Changes.
OL-17256-03, Cisco MDS NX-OS Release 4.x
You can authenticate a maximum of 10 trust points to a specific CA.
If you do not see the required file in the Import Certificate dialog box, make sure that you copy
the file to bootflash. See "Copying Files to Bootflash" section on page
"Authenticating the CA" section on page
Configuring CAs and Digital Certificates
43-10, CA authentication is required
Cisco MDS 9000 Family Fabric Manager Configuration Guide
9.
43-11