Manualshelf

Hub/Switch Reference Guide

ManualsBrandsNortel Networks ManualsSwitch2300 Series
481482483484485486487488489490
Cryptography Commands 487
Nortel WLAN—Security Switch 2300 Series Command Line Reference
Defaults
None.
Access
Enabled.
History
Usage
The password allows the public-private key pair and certificate to be installed together from the same
PKCS #12 object file. WSS Software erases the one-time password after processing the crypto pkcs12
command or when you reboot the WSS.
Nortel recommends that you create a password that is memorable to you but is not subject to easy guesses or a dictionary
attack. For best results, create a password of alphanumeric uppercase and lowercase characters.
Examples
The following command creates the one-time password hap9iN#ss for installing an EAP
certificate and key pair:
WSS# crypto generate otp eap hap9iN#ss
OTP set
See Also
crypto pkcs12 on page 477
crypto pkcs12
Unpacks a PKCS #12 object file into the certificate and key storage area on the WSS. This object file contains a public-
private key pair, a WSS certificate signed by a certificate authority, and the certificate authority’s certificate.
Syntax
crypto pkcs12 {admin | eap | web} file-location-url
one-time-password Password of at least 1 alphanumeric character, with no spaces, for
clients other than Microsoft Windows clients. The password must
be the same as the password protecting the PKCS #12 object file.
Note: On a WSS that handles communications to and from
Microsoft Windows clients, use a one-time password of
31 characters or fewer.
The following characters cannot be used as part of the one-time
password of a PKCS #12 file:
Quotation marks (“ ”)
Question mark (?)
•Ampersand (&)
Version 4.1 webaaa option renamed to web
admin Unpacks a PKCS #12 object file for an administrative certificate
and key pair—and optionally the certificate authority’s own
certificate—for authenticating the WSS to WLAN Management
Software or Web View.
eap Unpacks a PKCS #12 object file for an EAP certificate and key
pair—and optionally the certificate authority’s own certificate—for
authenticating the WSS to 802.1X supplicants (clients).