DWS-1008 User’s Manual
D-Link Systems, Inc.
Managing Keys and Certificates
DWS-1008# show crypto certificate webaaa
Certificate:
Version: 3
Serial Number: 999 (0x3e7)
Subject: C=US, ST=CA, L=PLEAS, O=TRPZ, OU=SQA, CN=BOBADMIN/
emailAddress=BOBADMIN, unstructuredName=BOB
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=CA, L=PLEAS, O=TRPZ, OU=SQA, CN=BOBADMIN/
emailAddress=BOBADMIN, unstructuredName=BOB
Validity:
Not Before: Oct 19 02:02:02 2004 GMT
Not After : Oct 19 02:02:02 2005 GMT
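
The checks an administrator would run against the output above, as an added example that is not part of the D-Link manual: it parses the listing and flags a weak signature hash, a self-signed certificate (Subject equal to Issuer), and a validity window that does not cover the current time. The names parse_cert, audit and WEAK_SIG are illustrative, and the list of weak hashes is an assumed policy.

```python
import re
from datetime import datetime, timezone

# Output copied from the `show crypto certificate webaaa` listing above.
SAMPLE = """\
Certificate:
Version: 3
Serial Number: 999 (0x3e7)
Subject: C=US, ST=CA, L=PLEAS, O=TRPZ, OU=SQA, CN=BOBADMIN/
emailAddress=BOBADMIN, unstructuredName=BOB
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=CA, L=PLEAS, O=TRPZ, OU=SQA, CN=BOBADMIN/
emailAddress=BOBADMIN, unstructuredName=BOB
Validity:
Not Before: Oct 19 02:02:02 2004 GMT
Not After : Oct 19 02:02:02 2005 GMT
"""

WEAK_SIG = ("md2", "md5", "sha1")  # hash prefixes treated as weak (assumed policy)
FIELD = re.compile(r"^\s*(Subject|Issuer|Signature Algorithm|Not Before|Not After"
                   r"|Certificate|Version|Serial Number|Validity)\s*:\s*(.*)$")

def parse_cert(text):
    """Parse the field/value lines; unlabelled lines continue the previous field."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            fields[last] = m.group(2).strip()
        elif last and line.strip():
            fields[last] += line.strip()  # wrapped Subject/Issuer line
    return fields

def audit(text, now):
    """Return a list of findings for one certificate, judged at time `now` (UTC)."""
    f = parse_cert(text)
    when = lambda k: datetime.strptime(f[k], "%b %d %H:%M:%S %Y GMT").replace(tzinfo=timezone.utc)
    findings = []
    if f["Signature Algorithm"].lower().startswith(WEAK_SIG):
        findings.append("weak-signature:" + f["Signature Algorithm"])
    if f["Subject"] == f["Issuer"]:
        findings.append("self-signed")
    if now < when("Not Before"):
        findings.append("not-yet-valid")  # also what an unset switch clock produces
    if now > when("Not After"):
        findings.append("expired")
    return findings
```

Passing the switch's own clock value as `now` shows why the time and date must be set before certificates are installed: a clock that predates Not Before makes a good certificate look not yet valid.
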
Installing CA-Signed Certificates from PKCS #12 Object Files
This scenario shows how to use PKCS #12 object files to install public-private key pairs,
CA-signed certificates, and CA certificates for administrative access, 802.1X (EAP) access, and
Web AAA access.
1. Set time and date parameters, if not already set.
2. Obtain PKCS #12 object files from a certificate authority.
3. Copy the PKCS #12 object files to nonvolatile storage on the switch. Use the following
command:
copy tftp://filename local-filename
For example, to copy PKCS #12 files named 2048admn.p12, 20481x.p12, and 2048web.p12
from the TFTP server at the address 192.168.253.1, type the following commands:
DWS-1008# copy tftp://192.168.253.1/2048admn.p12 2048admn.p12
success: received 637 bytes in 0.253 seconds [ 2517 bytes/sec]
DWS-1008# copy tftp://192.168.253.1/20481x.p12 20481x.p12
success: received 637 bytes in 0.253 seconds [ 2517 bytes/sec]
DWS-1008# copy tftp://192.168.253.1/2048web.p12 2048web.p12
success: received 637 bytes in 0.253 seconds [ 2517 bytes/sec]
4. Enter the one-time passwords (OTPs) for the PKCS #12 object files. The OTP protects
the PKCS #12 file.
To enter a one-time password, use the following command:
crypto otp {admin | eap | webaaa} one-time-password