CLI Guide

Switch Management Commands
User Guidelines
Use this command to enter an external certificate (signed by a Certification
Authority) to the switch. To end the session, add a period (.) on a separate
line after the input, and press ENTER.
The imported certificate must be based on a certificate request created by the
crypto certificate request command.
If the public key found in the certificate does not match the switch's SSL RSA
key, the command fails.
Regenerating the RSA key will render existing certificates invalid.
Certificates are validated on input. The system log records any certificate
errors encountered, such as an invalid format or a certificate that could not
be validated against the switch private key. Invalid certificates are not
imported.
The signed certificate must contain the switch public key, match the RSA key
on the switch, and be in X509 PEM text format.
Depending on the browser, browser version, and level of checking, it may be
possible to use the switch-generated self-signed certificate to enable HTTPS
connections.
First generate the certificate using the switch fully-qualified domain name for
the certificate common name. For example, if the switch FQDN is
dhcp-1-2-3-4.dns.dell.com, set the certificate common name to
dhcp-1-2-3-4.dns.dell.com when generating the certificate. Add the certificate
to the host and/or browser trusted certificate store. It may also be necessary
to add the IP address and hostname of the switch to the local hosts file to
pass browser identity checks.
This command is not saved in the router configuration; however, the
certificate imported by this command is saved in the private configuration.
Certificates are propagated across the stack.
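The guidelines above say the import fails when the certificate's public key does not match the switch RSA key. The following is an added example, not part of the original guide or of any Dell tooling: a pre-import check on the management host that compares the public key in the CA-signed certificate with the one in the request it should be based on. It assumes the request was saved as a PEM block labelled CERTIFICATE REQUEST; the script name and file names are hypothetical, and the CA signature is not verified.

```python
import base64, re, sys

def pem_to_der(pem, label):
    """Decode the first PEM block carrying exactly this label."""
    m = re.search(rf"-----BEGIN {label}-----(.+?)-----END {label}-----", pem, re.S)
    if not m:
        raise ValueError(f"no PEM block labelled {label}")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def spki(der, is_cert):
    """Raw SubjectPublicKeyInfo bytes from a certificate or a PKCS#10 request."""
    _, pos, _ = read_tlv(der, 0)       # outer SEQUENCE
    _, pos, end = read_tlv(der, pos)   # tbsCertificate / certificationRequestInfo
    fields = []
    while pos < end:
        tag, _, nxt = read_tlv(der, pos)
        fields.append((tag, der[pos:nxt]))
        pos = nxt
    # Certificate: [0] version (optional), serial, sigAlg, issuer, validity,
    #              subject, SubjectPublicKeyInfo
    # Request:     version, subject, SubjectPublicKeyInfo
    idx = (6 if fields[0][0] == 0xA0 else 5) if is_cert else 2
    return fields[idx][1]

def cert_matches_request(cert_pem, csr_pem):
    """True when the signed certificate carries the request's public key."""
    return (spki(pem_to_der(cert_pem, "CERTIFICATE"), True)
            == spki(pem_to_der(csr_pem, "CERTIFICATE REQUEST"), False))

# Hypothetical usage: python check_cert.py signed.pem switch.csr
if __name__ == "__main__" and len(sys.argv) == 3:
    cert_text, csr_text = (open(p).read() for p in sys.argv[1:3])
    ok = cert_matches_request(cert_text, csr_text)
    print("public key matches the request" if ok else "MISMATCH: import will fail")
```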
Example
The following example imports a certificate signed by the Certification
Authority for HTTPS.
console(config)#crypto certificate 1 import
Please paste the input now, add a period (.) on a separate line after the
input, and press Enter.
-----BEGIN CERTIFICATE-----