564 CHAPTER 15: CRYPTOGRAPHY COMMANDS
crypto certificate Installs one of the WX switch’s PKCS #7 certificates into the certificate
and key storage area on the WX switch. The certificate, which is issued
and signed by a certificate authority, authenticates the WX switch either
to 3WXM or Web Manager, or to 802.1X supplicants (clients).
Syntax —
crypto certificate {admin | eap | web}
PEM-formatted certificate
admin — Stores the certificate authority’s administrative certificate,
which authenticates the WX switch to 3WXM or Web Manager.
eap — Stores the certificate authority’s Extensible Authentication
Protocol (EAP) certificate, which authenticates the WX switch to
802.1X supplicants (clients).
web — Stores the certificate authority’s WebAAA certificate, which
authenticates the WX to clients who use WebAAA.
PEM-formatted certificate — ASCII text representation of the
PKCS #7 certificate, consisting of up to 5120 characters, that you
have obtained from the certificate authority.
Defaults — None.
Access — Enabled.
History —Introduced in MSS Version 3.0. Webaaa option renamed to
web in MSS Version 4.1.
Usage — To use this command, you must already have generated a
certificate request with the crypto generate request command, sent
the request to the certificate authority, and obtained a signed copy of the
WX switch certificate as a PKCS #7 object file. Then do the following:
1 Open the PKCS #7 object file with an ASCII text editor such as Notepad
or vi.
2 Enter the crypto certificate command on the CLI command line.
3 When MSS prompts you for the PEM-formatted certificate, paste the
PKCS #7 object file onto the command line.
The WX switch verifies the validity of the public key associated with this
certificate before installing it, to prevent a mismatch between the WX
switch’s private key and the public key in the installed certificate.