Authenticating the CA
The process of configuring the switch to trust a CA is complete only when the MDS switch has authenticated the CA. The switch does this by obtaining the self-signed certificate of the CA in PEM format, which contains the public key of the CA. Because the certificate of the CA is self-signed (the CA signs its own certificate), the public key of the CA should be manually authenticated by contacting the CA administrator and comparing the fingerprint of the CA certificate.
To authenticate a CA using Fabric Manager, follow these steps:
- Expand Switches > Security, then select PKI in the Physical Attributes pane.
- Click the Trust Point Actions tab in the Information pane.
- Click the Command field drop-down menu and select the appropriate option. Available options are caauth, cadelete, certreq, certimport, certdelete, pkcs12import, and pkcs12export. The caauth option is provided to authenticate a CA and install its CA certificate or certificate chain in a trust point.
- Click the Browse (...) button in the URL field and select the appropriate import certificate file from the Bootflash Files dialog box. This is the name of the file containing the CA certificate or chain, in bootflash:filename format.
  Note: You can authenticate a maximum of 10 trust points to a specific CA.
  Note: If you do not see the required file in the Import Certificate dialog box, make sure that you copy the file to bootflash.
- Click Apply Changes to save the changes.
Authentication is then confirmed or not confirmed, depending on whether the certificate can be accepted after manual verification of its fingerprint.
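The manual fingerprint comparison can be done on a workstation before the PEM file is copied to bootflash. The following Python code is an added example, not Cisco code: it computes the fingerprint of every certificate in a PEM file (single CA certificate or chain) and checks it against the value obtained from the CA administrator. The function names, the SHA-256 default and the sample data are assumptions; use the hash algorithm the CA administrator quotes.

```python
import base64
import hashlib
import hmac
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_to_der_list(pem_text):
    """DER bytes of every certificate in a PEM file (single CA cert or a chain)."""
    ders = [base64.b64decode("".join(body.split()), validate=True)
            for body in PEM_BLOCK.findall(pem_text)]
    if not ders:
        raise ValueError("no CERTIFICATE block found")
    return ders

def fingerprint(der, algorithm="sha256"):
    """Colon-separated upper-case hex digest of the DER encoding."""
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def matching_cert_index(pem_text, expected_fp, algorithm="sha256"):
    """Index of the certificate whose fingerprint equals the value obtained
    out of band from the CA administrator, or None if none matches."""
    want = re.sub(r"[:\s]", "", expected_fp).upper()
    size = hashlib.new(algorithm).digest_size * 2
    if len(want) != size or not re.fullmatch(r"[0-9A-F]+", want):
        raise ValueError("expected fingerprint is not a %s digest" % algorithm)
    for index, der in enumerate(pem_to_der_list(pem_text)):
        have = fingerprint(der, algorithm).replace(":", "")
        if hmac.compare_digest(have, want):
            return index
    return None

def constructed_pem(*blobs):
    """Constructed sample input: the payloads are NOT real certificates, only
    stand-in bytes, because the fingerprint is a hash of whatever is encoded."""
    return "".join("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(b).decode()
                   + "-----END CERTIFICATE-----\n" for b in blobs)

if __name__ == "__main__":
    pem = constructed_pem(b"constructed-intermediate", b"constructed-root")
    told_by_admin = fingerprint(b"constructed-root")  # stands in for the out-of-band value
    print("match at index:", matching_cert_index(pem, told_by_admin))
    print("substituted file:", matching_cert_index(
        constructed_pem(b"constructed-rogue"), told_by_admin))
```

A result of None means no certificate in the file matches the administrator's fingerprint, so the file should not be imported into a trust point.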
Copyright © 2002-2007, Cisco Systems, Inc. All rights reserved.