Use the cert command to define certificate settings for the named topology in the current context.
Using the cert command with the default option removes the certificate from the named topology and assigns the factory default certificate to it.
pkcs12 | Indicates that <filename> certificate file is in the PKCS #12 format. |
pem-der | Indicates that the <filename> certificate file and <keyfile> key file are PEM/DER encoded. |
csr-cert | Indicates that the <filename> is a certificate signing request file. |
scp|ftp | Indicates that either SCP or FTP should be used to download the certificate file. |
server | IP address of the server from which the file should be downloaded |
user | Userid of the account to login with on the SCP or FTP server |
password | Password associated with the <user> userid |
dir | Directory in which to find the PKCS #12 certificate file, CSR file, or PEM/DER encoded certificate file and key file. |
filename | The name of the PKCS #12, PEM/DER, or CSR certificate file to use with the port. This must be a PKCS #12 file if the permanent option is not used. |
keyfile | The PEM/DER encoded private key file |
certpassword | Password to use with the private key file |
chainfile | A PEM-formatted CA (Certification Authority) chain certificate file. If you choose to install this optional certificate, you must do so when specifying the PCKCS #12 or PEM/DER certificates. |
permanent | Indicates that the certificate to use is already in the permanent key store. This is used by the export and show commands to show which certificate is assigned to each port. The certificate will then be applied to the wireless assistant virtual website bound to the port the context of which the command was issued in. |
permanent-chain | Indicates that the chain certificate to use is already in the permanent key store. This is used by the export and show commands to show which certificate is assigned to each port. The certificate will then be applied to the wireless assistant virtual website bound to the port the context of which the command was issued in. |
default | Indicates that the interface should use the factory default certificate and key. |
ipv6 | Specifies that the certificate is IPv6. |
Use the cert command to define certificate settings for the named topology in the current context. With the cert command, you can either to assign a downloaded PKCS #12 file, CSR file, or PEM/DER files to the named topology or to reset the named topology to use the factory default certificate. The cert command is available from the topology:<named-topology>:l3 context of the CLI for Admin, b@ac, physical, and routed topologies.
When you use the cert command to assign a PKCS #12 file, CSR file, or PEM/DER files to an interface, you must select either SCP or FTP as the file transfer mechanism and specify the PKCS#12 file, CSR file, or PEM/DER files. The command then attempts to download the specified PKCS#12 file, CSR file, or PEM/DER files, and, if successful, converts the PKCS#12 file, CSR file, or PEM/DER files into a certificate and key. The command confirms that the certificate password works with the private key file then assigns both the certificate and key to the named topology. If the indicated file name cannot be found, this command generates an error.
Using the cert command with the default option removes the certificate from the named topology and assigns the factory default certificate to it.
The following example downloads a PKCS #12 certificate file and a chain certificate using FTP and applies it to the topology named 3rdFL_lab:
EWC.extremenetworks.com:topology:3rdFL_lab:13# cert pkcs12
ftp 1.1.1.1 user2 abc123 certs/ 3rdFL_lab.pfx abcd1234 chain.crt
The following example downloads a PEM/DER certificate file, a PEM/DER key file, and a chain certificate using FTP and applies it to the topology named 3rdFL_lab:
EWC.extremenetworks.com:topology:3rdFL_lab:13# cert pem-der
ftp 1.1.1.1 user2 abc123 certs/ 3rdFL_lab.crt privatekey.pem abcd1234 chain.crt
The following example downloads a signed certificate using FTP and applies it to the topology named 3rdFL_lab:
EWC.extremenetworks.com:topology:3rdFL_lab:13# cert csr-cert ftp 192.168.1.8 user2 abc123 certs/ signed_1yr_3rdFL_lab.crt