Digital certificate configuration examples
This section shows how to obtain an online CA-signed certificate, remove the expired certificate, renew the certificate, and install an offline subject certificate.
Obtain an Online CA-signed Subject Certificate
Use the following procedure as an example to obtain an online CA-signed subject certificate that the application can use.
About this task
In the following commands, the variable WORD<1-45> refers to the name of the certificate authority and the variable WORD<1-80> refers to the certificate filename.
Procedure
Install an Offline CA Certificate
Use the following procedure as an example to install an offline CA certificate.
About this task
In the following commands, the variable WORD<1-80> refers to the certificate filename.
Procedure
Configure X.509 V3 certificates for SSH Two Factor Authentication
Use the following procedure as an example to configure the SSH server on the switch and the SSH client Secure CRT for two-factor authentication using X.509 V3 certificates.
Before you begin
The following certificates must be loaded on the SSH server and SSH client:
- For the Secure CRT (SSH client):
  - subject certificate from the PIV card.
- For the switch (SSH server):
  - CAC-server.pem - the subject certificate
  - ca.cert.pem - the root CA certificate
  - Self-signedTrustAnchorCertificate.cer - the root CA certificate that signed the intermediate certificate
  - RSA2048IssuingCACertificate.cer - the intermediate certificate, signed by the previous root CA, that signed the subject certificate.
About this task
Use the following steps as an example to configure the SSH server on the switch, the RADIUS Windows server, and the SSH client Secure CRT.
Procedure
X.509 Authentication Username Option Example
Use the following procedure as an example to configure username authentication options using X.509 V3 certificates.