Install Certificates
Chapter 4. Maintenance Tasks
When replacing the certificate, make sure to set the HA4000 gateway’s internal
clock, as described in “Configure DF Bit Handling” on page 30. The date and time
settings are required to track certificate expiration dates.
Caution
Installing a new certificate on the HA4000 may prevent a browser connection for
several hours, because the HA4000 is unaware of time zones. The certificate
authority (CA) installed on the device is set to EST, which means that on the East
Coast of the United States, a certificate with a GMT timestamp does not enter the
validity period for five hours. Therefore, to avoid time zone problems with a new
certificate, wait 24 hours before installing it on the HA4000.
Note:
If you plan to replace the HA4000 certificate, contact a CA to obtain a certificate in
PKCS #12 format. The pass phrase that is provided to encrypt the file when it is
created is also used to decrypt it when downloading the file to the HA4000. After
receiving the certificate file, place it on an FTP server on your network so that it
can be downloaded to the HA4000.
Install a New Certificate
1. Log in as Network Manager.
2. Check the FTP client configuration; enter this command:
   show system:running
   Make any necessary adjustments. For details, go to “View Configurations” on
   page 39.
3. At the admin> prompt, enter this command:
   copy ftp:idCertificate <filename> <passphrase> [nvram:]
4. Put the new certificate into effect; enter the reboot command.
Example
This example downloads a replacement ID certificate from an FTP server, and then
reboots the system to make the new certificate the active one:
admin> copy ftp:idCertificate mycerts/idcert.pks "mypassphrase"
admin> reboot
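Pre-install check (added example, not part of the original manual): the script below reads the notBefore/notAfter lines printed by "openssl x509 -noout -dates" and reports how the gateway would judge the certificate. It assumes, following the Caution above, that the device clock runs five hours behind GMT and is compared to the certificate's GMT timestamps without conversion. The function names and the sample dates are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumption taken from the Caution: the device clock shows EST (5 hours
# behind GMT) and is compared to GMT certificate dates with no conversion.
DEVICE_LAG = timedelta(hours=5)
OPENSSL_FMT = "%b %d %H:%M:%S %Y GMT"

# Constructed sample of `openssl x509 -noout -dates` output.
SAMPLE = "notBefore=Mar  4 14:00:00 2024 GMT\nnotAfter=Mar  4 14:00:00 2025 GMT\n"


def parse_openssl_dates(text):
    """Return (not_before, not_after) as timezone-aware UTC datetimes."""
    dates = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in ("notBefore", "notAfter"):
            # openssl pads single-digit days with an extra space; collapse it.
            value = " ".join(value.split())
            parsed = datetime.strptime(value, OPENSSL_FMT)
            dates[key] = parsed.replace(tzinfo=timezone.utc)
    if set(dates) != {"notBefore", "notAfter"}:
        raise ValueError("expected both notBefore and notAfter lines")
    return dates["notBefore"], dates["notAfter"]


def device_validity(text, now_utc):
    """Return (status, wait) as a zone-unaware device would judge the cert."""
    not_before, not_after = parse_openssl_dates(text)
    # The time the device effectively compares against the GMT timestamps.
    device_view = now_utc - DEVICE_LAG
    if device_view < not_before:
        return "not-yet-valid", not_before - device_view
    if device_view > not_after:
        return "expired", timedelta(0)
    return "valid", timedelta(0)


if __name__ == "__main__":
    # One hour after issuance: the device still sees the cert as not yet valid.
    now = datetime(2024, 3, 4, 15, 0, tzinfo=timezone.utc)
    status, wait = device_validity(SAMPLE, now)
    print(f"{status}; wait {wait} before installing")
```

A "not-yet-valid" result with a non-zero wait corresponds to the browser connection problem the Caution describes.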