400 CHAPTER 13: CRYPTOGRAPHY COMMANDS
You must also have the PKCS #12 object file available. You can download
a PKCS #12 object file via TFTP from a remote location to the local
nonvolatile storage system on the WX switch.
Examples — The following commands copy a PKCS #12 object file for
an EAP certificate and key pair—and optionally the certificate authority’s
own certificate—from a TFTP server to nonvolatile storage on the WX
switch, create the one-time password hap9iN#ss, and unpack the
PKCS #12 file:
WX4400# copy tftp://192.168.253.1/2048full.p12 2048full.p12
Sent read request
.Done
WX4400# crypto otp eap hap9iN#ss
OTP set
WX4400# crypto pkcs12 eap 2048full.p12
Unwrapped from PKCS12 file:
keypair
device certificate
CA certificate
See Also
■ “crypto otp” on page 397
display crypto
ca-certificate
Displays information about the certificate authority’s PEM-encoded
PKCS #7 certificate.
Syntax —
display crypto ca-certificate {admin | eap | webaaa}
■ admin — Displays information about the certificate authority’s
certificate that signed the administrative certificate for the WX switch.
The administrative certificate authenticates the WX to 3WXM or Web
Manager.
■ eap — Displays information about the certificate authority’s certificate
that signed the Extensible Authentication Protocol (EAP) certificate for
the WX switch.
The EAP certificate authenticates the WX switch to 802.1X supplicants
(clients).
