8-4 WS5100 Series Switch Migration Guide
2. Create a trustpoint tpt1 and associate a keypair using the rsakeypair command.
WS5100(config)#crypto pki trustpoint tpt1
WS5100(config-trustpoint)#subject-name ws5100 us kkk sj symbol wid
WS5100(config-trustpoint)#ip-address 111.222.111.x
WS5100(config-trustpoint)#fqdn www.symbol.com
WS5100(config-trustpoint)#email sym@symbol.com
WS5100(config-trustpoint)#rsakeypair key1
WS5100(config-trustpoint)#exit
3. Generate a certificate request for the trustpoint tpt1.
WS5100(config)#crypto pki enroll tpt1 request
This generates a Certificate Request.
4. Send the request to the specified FTP server. Get the request signed by an appropriate CA (a Windows 2003 Server will also do).
WS5100(config)#crypto pki export external request ftp://<user:password>@IP/Path/File
5. Import the signed certificate on 111.222.111.x through either FTP or TFTP.
WS5100(config)#crypto pki import external certificate ftp://<user:password>@IP/Path/servcert.pem
If the certificate is valid and matches the key, it is imported successfully.
6. Export the keypair to an FTP/TFTP server.
WS5100(config)#crypto key export rsa key1 ftp://<user:password>@IP/Path/key.pem
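Step 5 imports the certificate only if it is valid and matches the key. As an added example (not part of the original guide), the same check can be run with OpenSSL on the FTP/TFTP host against servcert.pem and key.pem before they are imported on another switch. The function name check_cert_for_import is hypothetical, and key.pem is assumed to be an unencrypted PEM private key.

```shell
#!/bin/sh
# Added example: pre-import check for the files named in this procedure.
# check_cert_for_import is a hypothetical name; key.pem is assumed to be
# an unencrypted PEM private key.
#
# check_cert_for_import CERT KEY
#   returns 0  certificate parses, matches the key, and has not expired
#           1  certificate public key differs from the key's public half
#           2  CERT or KEY could not be parsed
#           3  certificate has already expired
check_cert_for_import() {
    # Public key embedded in the certificate (SubjectPublicKeyInfo, PEM).
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # Public half derived from the private key, in the same PEM encoding.
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2

    # Same key pair <=> identical SubjectPublicKeyInfo.
    [ "$cert_pub" = "$key_pub" ] || return 1

    # -checkend 0 exits non-zero if notAfter is already in the past.
    # It does not validate the issuer chain or notBefore.
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 || return 3
    return 0
}

# Script usage: sh check.sh servcert.pem key.pem
if [ "$#" -eq 2 ]; then
    check_cert_for_import "$1" "$2"
    rc=$?
    case $rc in
        0) echo "OK: certificate matches key and is unexpired" ;;
        1) echo "MISMATCH: certificate was not issued for this key" ;;
        2) echo "ERROR: could not parse certificate or key" ;;
        3) echo "EXPIRED: certificate is past its notAfter date" ;;
    esac
    exit "$rc"
fi
```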
8.2.4.2 Importing the Certificate to Another Switch
1. Import the key that was exported in the previous step from the specified URL to the switch.
WS5100(config)#crypto key import rsa key1 ftp://<user:password>@IP/Path/key.pem
2. Create a dummy trustpoint and assign the RSA keypair.
WS5100(config)#crypto pki trustpoint dummy
WS5100(config-trustpoint)#rsakeypair key1
WS5100(config-trustpoint)#exit
WS5100(config)#
3. Import the certificate for the trustpoint dummy.
WS5100(config)#crypto pki import dummy ftp://<user:password>@IP/Path/servcert.pem
8.2.5 Configuring Trustpoint using the Web UI
To create a certificate using the Web UI you need to:
• Creating a Trustpoint
• Uploading the Server Certificate/CA Certificate