Wired Intelligent Edge (Campus Switching and Routing)

How to upload CA signed certificate using the offline mode on Comware 7 switches.

MVP Expert
MVP Expert
Requirement:

How to upload CA signed certificate using the offline mode on Comware 7 switches.



Solution:

Step 1: Create a set of PKI Keys.

Step 2: Create a PKI entity.

Step 3: Create a PKI domain with the below details.

Step 4: Create a CSR for the said domain.

Step 5: The CSR generated will be displayed on screen, copy the same into a notepad file and get it signed by a CA.

Step 6: Upload the signed certificate and the Root certificate to the switch using the copy commands or the Filesystem’s upload section on the web interface.

Step 7: Install the Root certificate on the switch using the below command.

Step 8: Install the Signed certificate on the switch suing the following command.

Step 9: Use the new domain created for HTTPS server on the switch.



Configuration:

Step 1: Create a set of PKI Keys.

public-key local create rsa name Key-Name

 

Step 2: Create a PKI entity.

pki entity <Entity Name>
 common-name <CN>
 country <COUNTRY>
 locality <LOCALITY>
 organization-unit <ORG-UNIT>
 organization <ORG>
 state <STATE>
 ip <IP-ADDR>

Step 3: Create a PKI domain with the below details.

pki domain <Name>
 ca identifier <CA-CN>
 certificate request entity <Entity Name>
 public-key rsa general name <Key-Name> length 2048
 usage ssl-server
 undo crl check enable

 

Use the “undo crl check enable” if you do not want to use Certificate Revocation List check.

 

Step 4: Create a CSR for the said domain.

pki request-certificate domain <Domain-Name> pkcs10

 

Step 5: The CSR generated will be displayed on screen, copy the same into a notepad file and get it signed by a CA.

 

Step 6: Upload the signed certificate and the Root certificate to the switch using the copy commands or the Filesystem’s upload section on the web interface.

 

Step 7: Install the Root certificate on the switch using the below command.

pki import domain <Domain-Name> <format (der|p12|pem)> ca filename flash:/My_root_ca.cer

Example: pki import domain abc der ca filename flash:/My_root_ca.cer

 

Step 8: Install the Signed certificate on the switch suing the following command.

pki import domain <Domain-Name> <format (der|p12|pem)> local filename flash:/My_Signed.cer

 

Step 9: Use the new domain created for HTTPS server on the switch.

ssl server-policy <Policy-Name>
pki-domain <Domain-Name>

ip https port <TCP-Port-Number>
 ip https ssl-server-policy <Policy-Name>
 ip https enable


Verification
display ip https server
Version history
Revision #:
1 of 1
Last update:
‎05-01-2019 07:34 AM
Updated by:
 
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: