Digital certificate configuration examples
This section shows how to obtain an online CA signed certificate, remove the expired certificate, renew the certificate, and install an offline subject certificate.
Obtain an Online CA-signed Subject Certificate
Use the following procedure as an example to obtain an online CA signed subject certificate that the application can use.
About this task
In the following commands, the variable WORD<1-45> refers to the name of the certificate authority and the variable WORD<1-80> refers to the certificate filename.
Procedure
Install an Offline CA Certificate
Use the following procedure as an example to install an offline CA certificate.
About this task
In the following commands, the variable WORD<1-80> refers to the certificate filename.
Procedure
Configuring X.509 V3 certificates for SSH Two Factor Authentication
Note
DEMO FEATURE - Two-Factor Authentication–X.509v3 Certificates for SSH is a demonstration feature on some products. Demonstration features are provided for testing purposes. Demonstration features are for lab use only and are not for use in a production environment. For more information on feature support, see VOSS Feature Support Matrix.
Use the following procedure as an example to configure the SSH server on the VOSS switch, and the SSH client Secure CRT for two factor authentication using X.509 V3 certificates.
Before you begin
The following certificates must be loaded on the SSH server and SSH client:
-
For the Secure CRT (SSH client):
-
subject certificate from the PIV card.
-
-
For the VOSS switch (SSH server):
-
CAC-server.pem - the subject certificate
-
ca.cert.pem - the root CA certificate
-
Self-signedTrustAnchorCertificate.cer - the root CA certificate that signed the intermediate certificate
-
RSA2048IssuingCACertificate.cer - the intermediate certificate signed by the pervious root CA that signed the subject certificate.
-
About this task
Use the following steps as an example to configure the SSH server on the VOSS switch, the RADIUS Windows server, and the SSH client Secure CRT.
Procedure
X.509 Authentication Username Option Example
Use the following procedure as an example to configure username authentication options using X.509 V3 certificates.
Procedure
Install Online Certificates for Fabric Extend with IPsec
Use the following procedure as an example to install subject certificates for switches that use Fabric Extend with IPsec. After you complete the certificate configuration, you must configure the IPsec authentication method for the Fabric Extend tunnel. For more information about IPsec configuration, see IPsec configuration using CLI. For more information about Fabric Extend, see Fabric Extend configuration using the CLI.
Note
The values mentioned are for example only.
Before you begin
Configure the Fabric Extend tunnels between the branch and hub switches.