Installing a Server Certificate for Network Users
assigned by a certificate authority (CA). If you use a certificate assigned by
a CA, you also need to install the CA’s own certificate for validation.
If you use an authentication protocol that uses EAP-TLS on the WX
switch, users also need certificates. (For more information, see the
Wireless LAN Switch and Controller Configuration Guide.)
The command syntax for installing certificates for management by 3WXM
or Web Manager and installing certificates for network users is very
similar. The CLI commands for configuring network user authentication
use the eap option instead of the admin option, but are otherwise the
same. Likewise, the procedures are the same.
Generating a Self-Signed Certificate for Network Users
As an alternative to using a certificate assigned by a CA, you can
generate a self-signed certificate on the WX switch. To use a self-signed
certificate, use the following commands:
crypto generate key eap {1024 | 2048}
crypto generate self-signed eap
The common name is required. The other fields are optional. MSS
automatically installs the key and self-signed certificate into its certificate
and key store.
Installing a Certificate Assigned by a Certificate Authority for Network Users
You can install a certificate assigned by a CA in one of the following
ways:
■ Install a PKCS #12 object file—To use this method:
■ Install a PKCS #7 object file—To use this method:
In either case, you also need to install the CA’s own certificate. The CA
certificate allows users to verify that the switch certificate assigned by the
CA is valid.
Installing a Certificate for Network Users from a PKCS #12 Object File
To install a public-private key pair and a certificate assigned by a CA in a
PKCS #12 object file, use the following commands:
copy tftp://ip-addr/source-url [destination-url]
crypto otp eap string
crypto pkcs12 eap filename
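The following is an added example, not part of the original guide: a workstation-side pre-check of a PKCS #12 object file before it is copied to the switch, confirming that the file opens with the intended password, that its certificate verifies against the CA certificate, and that the private key matches the certificate. It assumes the openssl command-line tool is available and that the string given to crypto otp eap is the password protecting the PKCS #12 file; the function names, file names, subjects and password are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the manual. Every name, subject and password below
# is constructed. Assumption: OTP is the string later given to "crypto otp eap".
OTP='Constructed-0tp-String'

# Build a throwaway CA, a 2048-bit key, a CA-signed certificate and the
# PKCS #12 bundle protected by $OTP, all inside directory $1.
make_bundle() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=Constructed Test CA' \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes \
        -subj '/CN=wx.example.test' \
        -keyout "$d/wx.key" -out "$d/wx.csr" 2>/dev/null &&
    openssl x509 -req -days 1 -in "$d/wx.csr" \
        -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAcreateserial \
        -out "$d/wx.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$d/wx.key" -in "$d/wx.crt" \
        -out "$d/wx.p12" -passout "pass:$OTP"
}

# check_bundle FILE PASSWORD CA_CERT
# Returns 0 if FILE opens with PASSWORD, its certificate verifies against
# CA_CERT and its private key matches the certificate.
# Returns 1 if FILE cannot be opened with PASSWORD, 2 if the certificate does
# not verify against CA_CERT, 3 if the key does not match the certificate.
check_bundle() {
    p12=$1 pw=$2 ca=$3
    openssl pkcs12 -in "$p12" -passin "pass:$pw" -nokeys \
        -out "$p12.crt.pem" 2>/dev/null || return 1
    openssl pkcs12 -in "$p12" -passin "pass:$pw" -nocerts -nodes \
        -out "$p12.key.pem" 2>/dev/null || return 1
    openssl verify -CAfile "$ca" "$p12.crt.pem" >/dev/null 2>&1 || return 2
    cert_pub=$(openssl x509 -in "$p12.crt.pem" -noout -pubkey)
    key_pub=$(openssl pkey -in "$p12.key.pem" -pubout)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || return 3
}

# Stand-alone run: build a constructed bundle and check it.
work=$(mktemp -d) && make_bundle "$work" &&
    check_bundle "$work/wx.p12" "$OTP" "$work/ca.crt" && echo "bundle ok"
rm -rf "$work"
```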