User's manual

DWS-1008 User’s Manual
D-Link Systems, Inc.
Managing Keys and Certificates
Installing CA-Signed Certificates from PKCS #12 Object Files
This scenario shows how to use PKCS #12 object files to install public-private key pairs,
CA-signed certificates, and CA certificates for 802.1X (EAP) access.
1. Set time and date parameters, if not already set.
2. Obtain PKCS #12 object files from a certificate authority.
3. Copy the PKCS #12 object files to nonvolatile storage on the switch. Use the following
command:
copy tftp://filename local-filename
For example, to copy 20481x.p12 from the TFTP server at the address 192.168.253.1, type
the following commands:
DWS-1008# copy tftp://192.168.253.1/20481x.p12 20481x.p12
success: received 637 bytes in 0.253 seconds [ 2517 bytes/sec]
4. Enter the one-time passwords (OTPs) for the PKCS #12 object files. The OTP protects
the PKCS #12 file.
To enter a one-time password, use the following command:
crypto otp {admin | eap} one-time-password
For example:
DWS-1008# crypto otp eap SeC%#6@o%d
OTP set
5. Unpack the PKCS #12 object files into the certificate and key storage area on the
switch. Use the following command:
crypto pkcs12 {eap} filename
The filename is the location of the file on the switch.
For example:
DWS-1008# crypto pkcs12 eap 20481x.p12
Unwrapped from PKCS12 file:
keypair
device certificate
CA certificate
Note: MSS erases the OTP password entered with the crypto otp command when you
enter the crypto pkcs12 command.
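
Before step 3, the PKCS #12 file can be checked on an administrative workstation to confirm that the password opens it and that it holds the three items the switch reports unwrapping in step 5. The script below is an added example, not part of the D-Link manual. It assumes OpenSSL is installed, and the names p12_check, make_sample and P12_PASS, along with the sample CA and device names, are hypothetical.

```sh
#!/bin/sh
# Added example: pre-flight check of a PKCS #12 file on an admin workstation.
# Assumes OpenSSL is installed. The password is taken from the P12_PASS
# environment variable so it is not visible in the process argument list.

# p12_check FILE -> prints "keys=N certs=M device_cert_valid=yes|no".
# Returns 0 only if the file opens and holds one key, a device cert and a CA cert.
p12_check() {
    file=$1
    # -noout checks the MAC, so a wrong password or a damaged file fails here.
    openssl pkcs12 -in "$file" -passin env:P12_PASS -noout 2>/dev/null ||
        { echo "cannot open $file: wrong password or not a PKCS #12 file"; return 2; }
    keys=$(openssl pkcs12 -in "$file" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
        grep -c 'BEGIN .*PRIVATE KEY' || true)
    certs=$(openssl pkcs12 -in "$file" -passin env:P12_PASS -nokeys 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE' || true)
    # Validity is judged against this workstation's clock; the switch judges it
    # against its own clock, which is why step 1 sets time and date first.
    if openssl pkcs12 -in "$file" -passin env:P12_PASS -clcerts -nokeys 2>/dev/null |
        openssl x509 -noout -checkend 0 >/dev/null 2>&1
    then valid=yes; else valid=no; fi
    echo "keys=$keys certs=$certs device_cert_valid=$valid"
    [ "$keys" -eq 1 ] && [ "$certs" -ge 2 ] && [ "$valid" = yes ]
}

# make_sample DIR: build constructed test data (a throwaway CA, a device
# certificate signed by it, and DIR/sample.p12 protected with $P12_PASS).
make_sample() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" -out "$d/ca.crt" \
        -subj "/CN=Example Test CA" -days 30 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -keyout "$d/dev.key" -out "$d/dev.csr" \
        -subj "/CN=example-switch" 2>/dev/null
    openssl x509 -req -in "$d/dev.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/dev.crt" -days 30 2>/dev/null
    openssl pkcs12 -export -inkey "$d/dev.key" -in "$d/dev.crt" \
        -certfile "$d/ca.crt" -out "$d/sample.p12" -passout env:P12_PASS
}

# Demo on constructed data; for a real file, export P12_PASS and call p12_check.
tmp=$(mktemp -d)
export P12_PASS='constructed-otp'
make_sample "$tmp" && p12_check "$tmp/sample.p12"
rm -rf "$tmp"
```

A file that fails this check on the workstation would not yield the keypair, device certificate and CA certificate listed in step 5.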