Chapter 36
Configuring Certificate Authorities and Digital Certificates
OL-18084-01, Cisco MDS NX-OS Release 4.x
Monitoring and Maintaining CA and Certificates Configuration
The tasks in this section are optional. This section includes the following topics:
• Exporting and Importing Identity Information in PKCS#12 Format, page 36-13
• Configuring a CRL, page 36-14
• Deleting Certificates from the CA Configuration, page 36-14
• Deleting RSA Key-Pairs from Your Switch, page 36-15
• Displaying Key-Pair and CA Information, page 36-15
Exporting and Importing Identity Information in PKCS#12 Format
You can export the identity certificate along with the RSA key-pair and CA certificate (or the entire chain
in the case of a subordinate CA) of a trust point to a PKCS#12 file for backup purposes. You can later
import the certificate and RSA key-pair to recover from a system crash on your switch or when you
replace the supervisor modules.
Note: Only the bootflash:filename syntax is supported when specifying the export and import URL.
To export a certificate and key-pair to a PKCS#12-formatted file, follow these steps:
Step 1
Command: switch# config terminal
         switch(config)#
Purpose: Enters configuration mode.
Step 2
Command: switch(config)# crypto ca export admin-ca pkcs12 bootflash:adminid.p12 nbv123
Purpose: Exports the identity certificate and associated key-pair and CA certificates for trust point admin-ca to the file bootflash:adminid.p12 in PKCS#12 format, protected using password nbv123.
Step 3
Command: switch(config)# exit
         switch#
Purpose: Returns to EXEC mode.
Step 4
Command: switch# copy bootflash:adminid.p12 tftp:adminid.p12
Purpose: Copies the PKCS#12 format file to a TFTP server.
To import a certificate and key-pair from a PKCS#12-formatted file, follow these steps:
Step 1
Command: switch# copy tftp:adminid.p12 bootflash:adminid.p12
Purpose: Copies the PKCS#12 format file from a TFTP server.
Step 2
Command: switch# config terminal
         switch(config)#
Purpose: Enters configuration mode.
Step 3
Command: switch(config)# crypto ca import admin-ca pkcs12 bootflash:adminid.p12 nbv123
Purpose: Imports the identity certificate and associated key-pair and CA certificates for trust point admin-ca from the file bootflash:adminid.p12 in PKCS#12 format, protected using password nbv123.
Note: The trust point must be empty (with no RSA key-pair associated with it and no CA associated with it
using CA authentication) for the PKCS#12 file import to succeed.
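Before an exported PKCS#12 file is relied on as a backup, or imported into a replacement switch, its contents can be checked on the host that stores it. The following is an added example, not part of the Cisco guide: it assumes a host with a POSIX shell and the OpenSSL command-line tool, and the function name check_p12 and the environment variable P12_PASS are hypothetical.

```bash
# Added example: verify that a PKCS#12 backup (e.g. adminid.p12) really holds
# the RSA key-pair, the matching identity certificate and the CA certificate(s).
# Expects the export password in the exported environment variable P12_PASS,
# so it never appears on a command line or in the process list.
check_p12() {
    local p12 certs id_pub key_pub n
    p12=$1
    [ -n "${P12_PASS:-}" ] || { echo "P12_PASS not set" >&2; return 2; }

    # 1. The file must decrypt and pass its integrity (MAC) check.
    #    Assumption: a file from an old release may need "-legacy" on OpenSSL 3.x.
    certs=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys 2>/dev/null) \
        || { echo "FAIL: cannot open $p12 with this password" >&2; return 1; }

    # 2. Expect the identity certificate plus at least one CA certificate.
    n=$(printf '%s\n' "$certs" | grep -c 'BEGIN CERTIFICATE' || true)
    [ "$n" -ge 2 ] || { echo "FAIL: $n certificate(s), CA chain missing" >&2; return 1; }

    # 3. The private key must belong to the identity certificate: derive the
    #    public key from each and compare. The decrypted key only travels
    #    through a pipe and is never written to disk.
    id_pub=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null \
             | openssl x509 -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes 2>/dev/null \
              | openssl pkey -pubout 2>/dev/null)
    if [ -z "$id_pub" ] || [ "$id_pub" != "$key_pub" ]; then
        echo "FAIL: private key does not match identity certificate" >&2
        return 1
    fi

    echo "OK: $p12 holds a key-pair, its identity certificate and $((n - 1)) CA certificate(s)"
}
```

A non-zero return means the file should not be treated as a usable backup of the trust point.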
Cisco MDS 9000 Family CLI Configuration Guide
36-13