Export Trustpoints

Each certificate is digitally signed by a trustpoint. The trustpoint signing the certificate can be a certificate authority, corporation or individual. A trustpoint represents a CA/identity pair containing the identity of the CA, CA-specific configuration parameters and an association with an enrolled identity certificate.

The trustpoints used by a controller, service platform or access point can be exported to an external resource for archiving.

To export trustpoints:

  1. Select Operations > Manage Certificates.

  2. Select the Export button from the Certificate Management screen.

    Once a certificate has been generated on the local authentication server, export the self-signed certificate. A digital CA certificate is different from a self-signed certificate. The CA certificate contains the public and private key pairs. The self certificate only contains a public key. Export the self certificate for publication on a Web server or file server for certificate deployment, or export it into an Active Directory group policy for automatic root certificate deployment.

  3. Additionally, export the key to a redundant RADIUS server so it can be imported without generating a second key. If there's more than one RADIUS authentication server, export the certificate and don't generate a second key unless you want to deploy two root certificates.

  4. Define the following configuration parameters required for the export of the trustpoint.

    Trustpoint Name

    Enter the name assigned to the trustpoint (32 characters maximum). The trustpoint signing the certificate can be a certificate authority, corporation or individual.

    URL

    Provide the complete URL to the location of the trustpoint. If needed, select Advanced to expand the dialog and display the network address fields for the location of the trustpoint. The number of additional fields that populate the screen depends on the selected protocol.

    Protocol

    Select the protocol used for exporting the target trustpoint. Available options include:

    tftp

    ftp

    sftp

    http

    cf

    usb1-4

    Port

    Use the spinner control to set the port. This option is not valid for cf and usb1-4.

    Host

    Provide the hostname or numeric IP address of the server used to export the trustpoint. This option is not valid for cf and usb1-4.

    Path/File

    Specify the path to the trustpoint. Enter the complete relative path to the file on the server.

    Cut and Paste

    Select the Cut and Paste radio button to copy an existing trustpoint into the cut and paste field. When pasting, no additional network address information is required.

  5. Select OK to export the defined trustpoint. Select Cancel to revert the screen to its last saved configuration.
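
A pre-flight check for the export parameters in step 4 can be scripted before the values are entered in the dialog. The following is an added example, not code from the product or its vendor. `ExportRequest`, `review_export` and the `includes_private_key` flag are hypothetical names. The check assumes that a host is required for the network protocols and that usb1-4 means usb1 through usb4.

```python
from dataclasses import dataclass
from typing import List, Optional

# Protocol names as listed in the export dialog.
NETWORK_PROTOCOLS = {"tftp", "ftp", "sftp", "http"}
LOCAL_MEDIA = {"cf", "usb1", "usb2", "usb3", "usb4"}  # assumed expansion of "usb1-4"
CLEARTEXT = {"tftp", "ftp", "http"}  # of the network options, only sftp is encrypted


@dataclass
class ExportRequest:  # hypothetical container, not a device API
    trustpoint: str
    protocol: str
    path: str
    host: Optional[str] = None
    port: Optional[int] = None
    includes_private_key: bool = False  # set when the key is exported (step 3)


def review_export(req: ExportRequest) -> List[str]:
    """Return a list of findings; an empty list means nothing to flag."""
    findings = []
    if not req.trustpoint or len(req.trustpoint) > 32:
        findings.append("trustpoint name must be 1-32 characters")
    proto = req.protocol.lower()
    if proto not in NETWORK_PROTOCOLS | LOCAL_MEDIA:
        findings.append(f"unsupported protocol: {req.protocol}")
        return findings
    if proto in LOCAL_MEDIA:
        # Port and Host are not valid for cf and usb1-4.
        if req.host is not None or req.port is not None:
            findings.append(f"host/port are not valid for {proto}")
    else:
        if not req.host:  # assumption: host is mandatory for network export
            findings.append("host is required for network protocols")
        if req.port is not None and not 1 <= req.port <= 65535:
            findings.append("port out of range")
    if not req.path:
        findings.append("path/file is required")
    if proto in CLEARTEXT and req.includes_private_key:
        findings.append(
            f"{proto} is unencrypted: the private key would cross the "
            "network in the clear; use sftp or local media")
    return findings
```
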