Configuration Guide Vol. 2


9.4.3 Registering Server Certificates and Keys

Use the operation command set web-authentication ssl-crt to register the server certificate and private key with the Switch. Also, if you have an intermediate CA certificate, register it with the server certificate and private key. Here are the steps:

(1) Transferring a server certificate and key to the Switch

Use an MC or the operation commands sftp or scp to transfer the created server certificate and private key to the Switch. If an intermediate CA certificate exists, transfer it to the Switch in the same way.

(2) Prepare an intermediate CA certificate

If you have intermediate CA certificates, prepare the files for the intermediate CA certificates that you want to register. If there are several intermediate CA certificates (two files, root.crt and next.crt, in the following example), merge the files into a single file (ca.crt).

Figure 9-40: Preparing an intermediate CA certificate
# cp root.crt ca.crt
# cat next.crt >> ca.crt
#

(3) Registering a server certificate and key in the Switch

Log in to administrator mode and place the server certificate (server.crt) and private key (serverinstall.key) in the current directory. If you have an intermediate CA certificate (ca.crt), place it in the current directory as well.

Execute the operation command set web-authentication ssl-crt to register the files with the Switch.

Figure 9-41: Registering server certificates and keys
# set web-authentication ssl-crt
Set path to the key: serverinstall.key                                ..1
Set path to the certificate: server.crt                               ..2
Set path to the intermediate CA certificate: ca.crt                   ..3
Would you wish to install SSL key and certificate? (y/n):y            ..4
Install complete.
Please restart web-authentication daemon or web-server daemon.
#
  1. Specifies the file name of the private key.

  2. Specifies the server certificate file name.

  3. Specifies the file name of the intermediate CA certificate. If you do not have an intermediate CA certificate, press [Enter] only.

  4. If the entered content is correct, enter y.

During registration, the content and validity of the server certificate, private key, and intermediate CA certificate are not checked. Therefore, if you do not register a correctly paired server certificate, private key, and intermediate CA certificate, you will not be able to log in or log out using HTTPS. In such a case, delete the registered certificate and private key, and then register the correctly paired server certificate, private key, and intermediate CA certificate again.
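Because the Switch does not check the files at registration, they can be checked before they are transferred. The following is an added example, not part of this guide or a Switch command: it assumes the openssl CLI on the workstation where the files were created, and the function names check_bundle and make_demo_files are hypothetical.

```shell
#!/bin/sh
# Added example (not from the guide): run on the workstation that holds the
# files, before transferring them to the Switch. Needs the openssl CLI.

# check_bundle KEY CERT [CA_BUNDLE]
# returns 0 = OK, 1 = unreadable file, 2 = key and certificate are not a pair,
#         3 = certificate expired or not issued by a CA in CA_BUNDLE
check_bundle() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    # The certificate must carry the public half of the private key.
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ] || return 2
    if [ -n "$3" ]; then
        # Every certificate in the merged file is treated as a trust anchor,
        # so this passes only if one of them issued the server certificate.
        # openssl verify also rejects an expired certificate.
        openssl verify -partial_chain -CAfile "$3" "$2" >/dev/null 2>&1 || return 3
    else
        # No intermediate CA certificate: check the validity period only.
        openssl x509 -in "$2" -noout -checkend 0 >/dev/null 2>&1 || return 3
    fi
    return 0
}

# Constructed sample data: a throwaway CA, a server key pair signed by it,
# and an unrelated key (other.key), all written to directory $1.
make_demo_files() {
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo CA" \
          -keyout ca.key -out ca.crt &&
      openssl req -new -newkey rsa:2048 -nodes -subj "/CN=switch.example" \
          -keyout serverinstall.key -out server.csr &&
      openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key \
          -CAcreateserial -days 2 -out server.crt &&
      openssl genrsa -out other.key 2048 ) >/dev/null 2>&1
}

# Usage with the file names from this section:
#   check_bundle serverinstall.key server.crt ca.crt && echo "OK to register"
```

A return value of 2 means the private key and server certificate are not a pair; 3 means the server certificate has expired or was not issued by any CA in the merged file.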

(4) Confirm the registration

Run the operation command show web-authentication ssl-crt to verify that the server certificate, private key, and intermediate CA certificate are registered.

Figure 9-42: Checking server certificate and key registration
# show web-authentication ssl-crt
Date 20XX/04/15 10:07:04 UTC
                            DATE
SSL key              :  20XX/03/30 14:05
SSL certificate      :  20XX/03/30 14:05
SSL intermediate cert:  20XX/03/30 14:05

(5) Restart the web server

Execute the operation command restart web-authentication web-server to restart the Web servers.

Figure 9-43: Restarting Web Servers
# restart web-authentication web-server

(6) Checking the Startup of Web Servers

Use the ps command to make sure that the Web servers (httpd) are running.

Figure 9-44: Verifying Web Servers Startup
# ps -auwx |grep httpd
root       471  0.0  0.1   212    672 ??  S     6:19PM  0:00.52 /usr/local/sbin/httpd -DS_WA -DSSL -DWA_SSL
operator 11070  0.0  0.1   164    556 00  S+    6:20PM  0:00.01 sh -c ps -auwx | grep httpd
operator 11421  0.0  0.0    32     36 00  R+    6:20PM  0:00.00 grep httpd