Export Trustpoints

Each certificate is digitally signed by a trustpoint. The trustpoint signing the certificate can be a certificate authority, corporation or individual. A trustpoint represents a CA/identity pair containing the identity of the CA, CA-specific configuration parameters and an association with an enrolled identity certificate.

The trustpoints utilized by a controller, service platform or access point can be exported to an external resource for archive.

To export trustpoints:

1. Select Operations → Manage Certificates.
2. To optionally export a trustpoint to a remote location, select Export from the Certificate Management screen.

   Once a certificate has been generated on the local authentication server, export the self signed certificate. A digital CA certificate is different from a self signed certificate. The CA certificate contains the public and private key pairs. The self certificate only contains a public key. Export the self certificate for publication on a Web server or file server for certificate deployment or export it in to an active directory group policy for automatic root certificate deployment.

3. Additionally export the key to a redundant RADIUS server so it can be imported without generating a second key. If there's more than one RADIUS authentication server, export the certificate and don't generate a second key unless you want to deploy two root certificates.

   

   Certificate Management - Export Trustpoint Screen

   

4. Define the following configuration parameters required for the export of the trustpoint.

   Trustpoint Name	Enter the 32-character maximum name assigned to the trustpoint. The trustpoint signing the certificate can be a certificate authority, a corporation, or an individual..
   URL	Provide the complete URL to the location of the trustpoint. If needed, click Advanced to expand the dialog to display network address information to the location of the trustpoint. The number of additional fields populating the screen depends on the selected protocol.
   Protocol	Select the protocol used for exporting the target trustpoint. Available options include: tftp ftp sftp http cf usb1-4
   Port	Set the port. This option is not valid for cf and usb1-4.
   Host	Provide the hostname string or numeric IP address of the server used to export the trustpoint. Hostnames cannot include an underscore character. This option is not valid for cf and usb1-4. Select IPv4 Address to use an IPv4 formatted address as the host. Select IPv6 Address to use an IPv6 formatted address as the host. IPv6 provides enhanced identification and location information for computers on networks routing traffic across the Internet. IPv6 addresses are composed of eight groups of four hexadecimal digits separated by colons.
   Path/File	Specify the path to the signed trustpoint file. Enter the complete relative path to the file on the server.
   Cut and Paste	Select Cut and Paste to copy an existing trustpoint into the field. When pasting, no additional network address information is required.

5. Select OK to export the defined trustpoint. Select Cancel to revert the screen to its last saved configuration.