Operation Manual
Cryptography Commands 16 – 409
16
Cryptography Commands
A digital certificate is a form of electronic identification for computers. The MX requires digital
certificates to authenticate communications to RingMaster and Web View, to WebAAA clients,
and to Extensible Authentication Protocol (EAP) clients for which the MX performs all EAP
processing. Certificates can be generated on the MX or obtained from a certificate authority (CA).
Keys contained within the certificates allow the MX, the servers, and the wireless clients to
exchange information secured by encryption.
This chapter presents cryptography commands alphabetically. Use the following table to locate
commands in this chapter based on their use.
Note:
If the MX does not already have certificates, MSS automatically generates the
missing ones the first time the MX boots with MSS Version 4.2 or later. You do not
need to install certificates unless you want to replace the ones automatically
generated by MSS. (For more information, see the “Certificates Automatically
Generated by MSS” section in the “Managing Keys and Certificates” chapter of the
Trapeze Mobility System Software Configuration Guide.)
Note:
Before installing a new certificate, verify with the show timedate and show
timezone commands that the MX is set to the correct date, time, and time zone.
Otherwise, certificates might not be installed correctly.
Encryption Keys crypto generate key on page 16-412
show crypto key domain on page 16-419
show crypto key ssh on page 16-419
PKCS #7 Certificates crypto generate request on page 16-412
crypto ca-certificate on page 16-410
show crypto ca-certificate on page 16-417
crypto certificate on page 16-411
show crypto certificate on page 16-418
PKCS #12 Certificate crypto otp on page 16-415
crypto pkcs12 on page 16-416
Self-Signed Certificate crypto generate self-signed on page 16-414