Operation Manual

Cryptography Commands

16 – 411

crypto certificate

Installs one of the MX PKCS #7 certificates into the certificate and key storage area on the MX.

The certificate, which is issued and signed by a certificate authority, authenticates the MX either

to RingMaster or Web View, or to 802.1X supplicants (clients).

Syntax

crypto certificate {admin | eap | web} PEM-formatted certificate

Defaults

None.

Access

Enabled.

History

Usage

To use this command, you must already have generated a certificate request with the

crypto generate request command, sent the request to the certificate authority, and obtained a

signed copy of the MX certificate as a PKCS #7 object file. Then do the following:

1. Open the PKCS #7 object file with an ASCII text editor such as Notepad or vi.

2. Enter the crypto certificate command on the CLI command line.

3. When MSS prompts you for the PEM-formatted certificate, paste the PKCS #7 object file in the

command line.

The MX verifies the validity of the public key associated with this certificate before installing it, to

prevent a mismatch between the MX private key and the public key in the installed certificate.

Examples

The following command installs a certificate:

MX# crypto certificate admin

Enter PEM-encoded certificate

-----BEGIN CERTIFICATE-----

MIIBdTCP3wIBADA2MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQOExGjAYBgNVBAMU

EXR1Y2hwdWJzQHRycHouY29tMIGfMAOGCSqGSIb3DQEBAQAA4GNADCBiQKBgQC4

.....

2L8Q9tk+G2As84QYLm8wmVY>xP56M;CUAm908C2foYgOY40=

-----END CERTIFICATE-----