Table of Contents
Advertisement
Chapter 94: Secure HTTPS Web Browser Server
Configuring the HTTPS Web Server for a Certificate Issued by a CA
1452
Here are the main steps to configuring the HTTPS web browser server for
a certificate from a CA:
1. Create a self-signed certificate with "CRYPTO CERTIFICATE
GENERATE" on page 1461, in the Global Configuration mode. The
command has this format:
crypto certificate
common_name organizational_unit organization location
state country duration
The parameters are described in step 1 in the previous procedure and
in "CRYPTO CERTIFICATE GENERATE" on page 1461.
2. Create an enrollment request with "CRYPTO CERTIFICATE
REQUEST" on page 1465, in the Global Configuration mode. The
format of the command is shown here:
crypto certificate
organizational_unit organization location state country
The values of the parameters in this command must be exactly the
same as the corresponding values from the CRYPTO CERTIFICATE
GENERATE command, used to create the self-signed certificate. This
includes the ID_NUMBER parameter. Any differences, including
differences in capitalizations, will cause the switch to reject the CA
certificate when you import it into the switch's certificate database.
3. Cut and paste the enrollment request from your screen into a word
processor document.
4. Submit the enrollment request to the CA.
5. After you receive the certificate files from the CA, download them into
the switch's file system using TFTP or Zmodem. For instructions, refer
to Chapter 38, "File Transfer" on page 571. Be sure to download all
certificate files from the CA.
6. Import the certificate into the certificate database with "CRYPTO
CERTIFICATE IMPORT" on page 1464. The command has this
format:
crypto certificate
The ID_NUMBER parameter is the ID number you assigned the self-
signed certificate and enrollment request.
id_number
generate
id_number
request
id_number
import
length passphrase
common_name
Hide quick links:
Advertisement
Table of Contents
