

Manually Obtaining Digital Certificates

You can manually add digital certificates, or you can use SCEP to help manage how you obtain certificates.

For information about using SCEP to obtain certificates, see Obtaining Digital Certificates through SCEP.

To manually add a signed certificate:

  1. Create a certificate signing request.

user@host> request security generate-certificate-request subject subject password password

where:

By default, this request creates the file /tmp/certreq.csr and encodes the file by using Privacy-Enhanced Mail (pem) encoding.

  2. Copy the file generated in Step 1 to another system, and submit the certificate signing request file to the certificate authority.

You can transfer the file through FTP by using the file copy command.

user@host> file copy source_file ftp://username@server[:port]/destination_file

The remote system prompts you for your password.

  3. When you receive the signed certificate, copy the file back to the /tmp directory on the system.

You can transfer the file through FTP, as shown in Step 2.

  4. Add the certificate to the SRC configuration.

user@host> request security import-certificate file-name file-name identifier identifier

where

For example, to import the file sdx.cer that is identified as web:

user@host> request security import-certificate file-name sdx.cer identifier web

  5. Verify that the certificate is part of the SRC configuration.

user@host> show security certificate
web subject:CN=host

If there are no certificates on the system, the CLI displays the following message:

user@host> show security certificate 
No entity certificates in key store
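
FTP gives the transferred files no integrity protection, so it is worth confirming, before the import in Step 4, that the certificate returned by the certificate authority carries the same public key as the request created in Step 1. The following script is an added example, not part of the SRC documentation; it assumes the OpenSSL command-line tool is available on the system where you run it, and the script name check_cert.sh is hypothetical.

```shell
#!/bin/sh
# Added example (not from the SRC documentation). Assumes the OpenSSL
# command-line tool is installed on the system where you run it.

# Print the SHA-256 digest of the public key inside a CSR or certificate.
# $1 = "req" or "x509", $2 = file, $3 = encoding (PEM or DER, default PEM)
pubkey_digest() {
    pd_pem=$(openssl "$1" -in "$2" -inform "${3:-PEM}" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pd_pem" ] || return 1          # never hash an empty extraction
    printf '%s\n' "$pd_pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Return 0 only if the certificate carries the CSR's public key and has not
# expired; 1 on mismatch or expiry; 2 if either file cannot be parsed.
# $1 = CSR (PEM), $2 = signed certificate, $3 = certificate encoding
cert_matches_csr() {
    cm_req=$(pubkey_digest req "$1" PEM) || return 2
    cm_crt=$(pubkey_digest x509 "$2" "${3:-PEM}") || return 2
    [ "$cm_req" = "$cm_crt" ] || return 1
    openssl x509 -in "$2" -inform "${3:-PEM}" -noout -checkend 0 >/dev/null 2>&1
}

# Usage: sh check_cert.sh /tmp/certreq.csr /tmp/sdx.cer [PEM|DER]
if [ "$#" -ge 2 ]; then
    if cert_matches_csr "$@"; then
        echo "OK: certificate matches the request; safe to import"
    else
        echo "FAIL: key mismatch, expired, or unreadable file; do not import" >&2
        exit 1
    fi
fi
```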

