Specifications

Creating Keys and Certificates

16-8 Managing Keys and Certificates

Installing a Key Pair and Certificate from a PKCS #12 Object File

PKCSobjectfilesprovideafileformatforstoringandtransferringstoringdataandcryptographic

information.(Formoreinformation,see“PKCS #7,PKCS #10,andPKCS #12ObjectFiles”on

page 16‐4.)APKCS #12objectfile,whichyouobtainfromaCA,includestheprivatekey,a

certificate,andoptionallytheCA’sown

certificate.

AftertransferringthePKCS #12filefromtheCAviaFTPandgeneratingaone‐timepasswordto

unlockit,youstorethefileintheRoamAboutswitch’scertificateandkeystore.

TosetandstoreaPKCS #12objectfile,followthesesteps:

1. CopythePKCS #12objectfiletononvolatilestorage

ontheRoamAboutswitch.Usethe

followingcommand:

copy tftp://filename local-filename

2. Enteraone‐timepassword(OTP)tounlockthePKCS #12 objectfi le.Thepasswordmustbe

thesameasthe passwordprotectingthePKCS #12file.

Thepasswordmustcontainatleast1 alphanumericcharacter,withnospaces,andmustnot

includethefollowingcharacters:

•Quotationmarks(““)

•Questionmark(?)

•Ampersand(&)

Toenter

theone‐timepassword,usethefollowingcommand:

crypto otp {admin | eap | web} one-time-password

3. UnpackthePKCS #12objectfileintothecertificateandkeystorageareaontheRoamAbout

switch.Usethefollowingcommand:

crypto pkcs12 {admin | eap | web} filename

ThefilenameisthelocationofthefileontheRoamAboutswitch.

Note: On a RoamAbout switch that handles communications to or from Microsoft Windows clients,

use a one-time password of 31 characters or fewer.

Note: MSS erases the OTP password entered with the crypto otp command when you enter the

crypto pkcs12 command.