Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

341

342

343

344

345

346

347

348

349

350

Key and Certificate Configuration Scenarios

RoamAbout Mobility System Software Configuration Guide 16-13

Issuer: C=US, ST=CA, L=PLEAS, O=Enterasys, OU=SQA, CN=BOBADMIN/

emailAddress=BOBADMIN, unstructuredName=BOB

Validity:

Not Before: Oct 19 01:59:42 2004 GMT

Not After : Oct 19 01:59:42 2005 GMT

RBT-8100# show crypto certificate web

Certificate:

Version: 3

Serial Number: 999 (0x3e7)

Subject: C=US, ST=CA, L=PLEAS, O=

Enterasys, OU=SQA, CN=BOBADMIN/

emailAddress=BOBADMIN, unstructuredName=BOB

Signature Algorithm: md5WithRSAEncryption

Issuer: C=US, ST=CA, L=PLEAS, O=

Enterasys, OU=SQA, CN=BOBADMIN/

emailAddress=BOBADMIN, unstructuredName=BOB

Validity:

Not Before: Oct 19 02:02:02 2004 GMT

Not After : Oct 19 02:02:02 2005 GMT

Installing CA-Signed Certificates from PKCS #12 Object Files

ThisscenarioshowshowtousePKCS #12objectfilestoinstallpublic‐privatekeypairs,CA‐signed

certificates,andCAcertifiesforadministrativeaccess,802.1X(EAP)access,andWeb AAAaccess.

1. Settimeanddateparameters,ifnotalreadyset.(See“ConfiguringandManagingTime

Parameters”onpage 5‐20.)

2. ObtainPKCS #12object

filesfromacertificateauthority.

3. CopythePKCS #12objectfilestononvolatilestorageontheRoamAboutSwitch.Usethe

followingcommand:

copy tftp://filename local-filename

Forexample,tocopyPKCS #12filesnamed2048admn.p12,20481x.p12,and2048web.p12

fromtheTFTPserverattheaddress192.168.253.1,typethefollowingcommands:

RBT-8100# copy tftp://192.168.253.1/2048admn.p12 2048admn.p12

success: received 637 bytes in 0.253 seconds [ 2517 bytes/sec]

RBT-8100# copy tftp://192.168.253.1/20481x.p12 20481x.p12

success: received 637 bytes in 0.253 seconds [ 2517 bytes/sec]

RBT-8100# copy tftp://192.168.253.1/2048web.p12 2048web.p12

success: received 637 bytes in 0.253 seconds [ 2517 bytes/sec]

4. Entertheone‐timepasswords(OTPs)forthePKCS #12objectfiles.TheOTPprotectsthe

PKCS #12file.

Toenteraone‐timepassword,usethefollowingcommand:

crypto otp {admin | eap | web} one-time-password

Forexample:

RBT-8100# crypto otp admin SeC%#6@o%c

OTP set

RBT-8100# crypto otp eap SeC%#6@o%d

OTP set

RBT-8100# crypto otp web SeC%#6@o%e

OTP set