cert

Use the cert command to define certificate settings for the named topology in the current context.

Using the cert command with the default option removes the certificate from the named topology and assigns the factory default certificate to it.

cert ((pkcs12 scp|ftp server user password dir filename certpassword [chainfile] [ipv6]) | (pem-der scp|ftp server user password dir filename keyfile certpassword [chainfile] [ipv6])| (csr-cert scp|ftp server user password dir filename [chainfile] [ipv6])) | permanent | permanent-chain [ipv6] | default [ipv6]

Parameters

pkcs12 Indicates that <filename> certificate file is in the PKCS #12 format.
pem-der Indicates that the <filename> certificate file and <keyfile> key file are PEM/DER encoded.
csr-cert Indicates that the <filename> is a certificate signing request file.
scp|ftp Indicates that either SCP or FTP should be used to download the certificate file.
server IP address of the server from which the file should be downloaded
user Userid of the account to login with on the SCP or FTP server
password Password associated with the <user> userid
dir Directory in which to find the PKCS #12 certificate file, CSR file, or PEM/DER encoded certificate file and key file.
filename The name of the PKCS #12, PEM/DER, or CSR certificate file to use with the port. This must be a PKCS #12 file if the permanent option is not used.
keyfile The PEM/DER encoded private key file
certpassword Password to use with the private key file
chainfile A PEM-formatted CA (Certification Authority) chain certificate file. If you choose to install this optional certificate, you must do so when specifying the PCKCS #12 or PEM/DER certificates.
permanent Indicates that the certificate to use is already in the permanent key store. This is used by the export and show commands to show which certificate is assigned to each port. The certificate will then be applied to the wireless assistant virtual website bound to the port the context of which the command was issued in.
permanent-chain Indicates that the chain certificate to use is already in the permanent key store. This is used by the export and show commands to show which certificate is assigned to each port. The certificate will then be applied to the wireless assistant virtual website bound to the port the context of which the command was issued in.
default Indicates that the interface should use the factory default certificate and key.
ipv6 Specifies that the certificate is IPv6.

Usage

Use the cert command to define certificate settings for the named topology in the current context. With the cert command, you can either to assign a downloaded PKCS #12 file, CSR file, or PEM/DER files to the named topology or to reset the named topology to use the factory default certificate. The cert command is available from the topology:<named-topology>:l3 context of the CLI for Admin, b@ac, physical, and routed topologies.

When you use the cert command to assign a PKCS #12 file, CSR file, or PEM/DER files to an interface, you must select either SCP or FTP as the file transfer mechanism and specify the PKCS#12 file, CSR file, or PEM/DER files. The command then attempts to download the specified PKCS#12 file, CSR file, or PEM/DER files, and, if successful, converts the PKCS#12 file, CSR file, or PEM/DER files into a certificate and key. The command confirms that the certificate password works with the private key file then assigns both the certificate and key to the named topology. If the indicated file name cannot be found, this command generates an error.

Using the cert command with the default option removes the certificate from the named topology and assigns the factory default certificate to it.

Examples

The following example downloads a PKCS #12 certificate file and a chain certificate using FTP and applies it to the topology named 3rdFL_lab:

EWC.extremenetworks.com:topology:3rdFL_lab:13# cert pkcs12
ftp 1.1.1.1  user2 abc123 certs/ 3rdFL_lab.pfx abcd1234 chain.crt

The following example downloads a PEM/DER certificate file, a PEM/DER key file, and a chain certificate using FTP and applies it to the topology named 3rdFL_lab:

EWC.extremenetworks.com:topology:3rdFL_lab:13# cert pem-der
 ftp 1.1.1.1 user2 abc123 certs/ 3rdFL_lab.crt privatekey.pem abcd1234 chain.crt

The following example downloads a signed certificate using FTP and applies it to the topology named 3rdFL_lab:

EWC.extremenetworks.com:topology:3rdFL_lab:13# cert csr-cert ftp 192.168.1.8
 user2 abc123 certs/ signed_1yr_3rdFL_lab.crt