Nortel 2350 用户指南
458 Managing keys and certificates
NN47250-500 (320657-F Version 02.01)
Installing a CA’s own certificate
If you installed a CA-signed certificate from a PKCS #7 file, you must also install the PKCS #7 certificate of
that CA. (If you used the PKCS #12 method, the CA’s certificate is usually included with the key pair and
server certificate.)
that CA. (If you used the PKCS #12 method, the CA’s certificate is usually included with the key pair and
server certificate.)
To install a CA’s certificate, use the following command:
crypto ca-certificate {admin | eap | web} PEM-formatted-certificate
When prompted, paste the certificate under the prompt. For example:
WSS# crypto ca-certificate admin
Enter PEM-encoded certificate
-----BEGIN CERTIFICATE-----
MIIDwDCCA2qgAwIBAgIQL2jvuu4PO5FAQCyewU3ojANBgkqhkiG9wOBAQUFAD
CB
mzerMClaweVQQTTooewi\wpoer0QWNFNkj90044mbdrl1277SWQ8G7DiwYUtrqoQp
lKJ
.....
Lm8wmVYxP56M;CUAm908C2foYgOY40=
-----END CERTIFICATE-----
Enter PEM-encoded certificate
-----BEGIN CERTIFICATE-----
MIIDwDCCA2qgAwIBAgIQL2jvuu4PO5FAQCyewU3ojANBgkqhkiG9wOBAQUFAD
CB
mzerMClaweVQQTTooewi\wpoer0QWNFNkj90044mbdrl1277SWQ8G7DiwYUtrqoQp
lKJ
.....
Lm8wmVYxP56M;CUAm908C2foYgOY40=
-----END CERTIFICATE-----
Displaying certificate and key information
To display information about certificates installed on a WSS, use the following commands:
show crypto ca-certificate {admin | eap | web}
show crypto certificate {admin | eap | web}
For example, to display information about an administrative certificate, type the following command:
WSS# show crypto certificate admin
Certificate:
Version: 3
Serial Number: 999 (0x3e7)
Subject: C=US, ST=CA, L=PLEAS, O=NRTL, OU=SQA, CN=BOBADMIN/
emailAddress=BOBADMIN, unstructuredName=BOB
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=CA, L=PLEAS, O=NRTL, OU=SQA, CN=BOBADMIN/
emailAddress=BOBADMIN, unstructuredName=BOB
Validity:
Not Before: Oct 19 01:57:13 2004 GMT
Not After : Oct 19 01:57:13 2005 GMT
Certificate:
Version: 3
Serial Number: 999 (0x3e7)
Subject: C=US, ST=CA, L=PLEAS, O=NRTL, OU=SQA, CN=BOBADMIN/
emailAddress=BOBADMIN, unstructuredName=BOB
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=CA, L=PLEAS, O=NRTL, OU=SQA, CN=BOBADMIN/
emailAddress=BOBADMIN, unstructuredName=BOB
Validity:
Not Before: Oct 19 01:57:13 2004 GMT
Not After : Oct 19 01:57:13 2005 GMT
The last two rows of the display indicate the period for which the certificate is valid. Make sure the date and
time set on the switch are within the date and time range of the certificate.
time set on the switch are within the date and time range of the certificate.