Install the Certificate

About this task

Use this procedure to install one of the following:

  • certificate authority (CA) certificate

  • root CA certificate

  • subject certificate

  • Certificate Revocation List (CRL) file obtained offline from the CA

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Install the offline CA certificate:

    certificate install-file offline-ca-filename WORD<1-80>

  3. Install the CRL offline file:

    certificate install-file offline-crl-filename WORD<1-80>

  4. Install the root CA offline certificate:

    certificate install-file offline-root-ca-filename WORD<1-80>

  5. Install the subject offline certificate:

    certificate install-file offline-subject-filename WORD<1-80> [relaxed]

  6. Optional: Install the subject offline certificate with PKCS12-format:

    certificate install-file offline-subject-filename WORD<1-80> relaxed pkcs12-password WORD<1-128>

Variable Definitions

The following table defines parameters for the certificate install-file command.

Variable

Definition

offline-ca-filename WORD<1–80>

Specifies the certificate authority (CA) file name obtained from the CA.

offline-crl-filename WORD<1–80>

Specifies the CRL file obtained from the CA.

offline-root-ca-filename WORD<1–80>

Specifies the root CA file name obtained from the CA.

offline-subject-filename WORD<1–80>

Specifies the subject certificate file name obtained from the CA.

relaxed [pkcs12-password WORD<1-128>]

Note:

Exception: not supported on VSP 8600 Series or XA1400 Series.

Uses the relaxed mode for offline subject certificate installation for less restrictive consistency checks.

You can also install a PKCS12 format certificate and secret key in relaxed mode. WORD<1-128> is the password to extract the PKCS12 container. If you do not include this parameter, the supported format is Distinguished Encoding Rules (DER).