Catalyst 6500 Series WebVPN Services Module Configuration Guide, 1.1
Importing the Embedded Test Certificate
Download this chapter
Importing the Embedded Test CertificateImporting the Embedded Test Certificate
Download the complete book
Whole Book PDF: Catalyst 6500 Series WebVPN Services Module Configuration Guide, Release 1.1Whole Book PDF: Catalyst 6500 Series WebVPN Services Module Configuration Guide, Release 1.1 (PDF - 3 MB)
give_us_feedback

Table Of Contents

Importing the Embedded Test Certificate


Importing the Embedded Test Certificate

A test PKCS12 file (testssl.p12) is embedded in the WebVPN software on the module. You can install the file into the Flash memory for testing purposes and for proof of concept. After the PKCS12 file is installed, you can import it to a trustpoint, and then assign it to a WebVPN gateway that is configured for testing.

To install and import the test file, perform this task:

 
Command
Purpose

Step 1  

webvpn# test webvpn platform 
certificate install

Installs the test PKCS12 file to NVRAM.

Step 2  

webvpn# configure terminal

Enters configuration mode, selecting the terminal option.

Step 3  

webvpn(config)# crypto ca import 
trustpoint_label pkcs12 
flash:testssl.p12 passphrase

Imports the test PKCS12 file to the module.

Note For the test certificate, the passphrase is cisco.

Step 4  

webvpn(config)# ssl-proxy service 
test_service

Defines the name of the test proxy service.

Step 5  

webvpn(config-ssl-proxy)# 
certificate rsa general-purpose 
trustpoint trustpoint_label

Applies a trustpoint configuration to the proxy server.

Step 6  

webvpn# show ssl-proxy stats 
test_service

Displays test statistics information.

This example shows how to import the test PKCS12 file: 

webvpn# test webvpn platform certificate install

% Opening file, please wait ...

% Writing, please wait ...

% Please use the following config command to import the file.

  "crypto ca import <trustpoint-name> pkcs12 flash:testssl.p12 cisco"

% Then you can assign the trustpoint to a WebVPN gateway for testing. 


*May 5 20:15:57.831: %WEBVPN-6-PKI_TEST_CERT_INSTALL: Test key and certificate was 
installed into Flash in a PKCS#12 file.

webvpn# 

webvpn# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

webvpn(config)# crypto ca import test123 pkcs12 flash:testssl.p12 cisco

Source filename [testssl.p12]? 

% You already have RSA keys named test123.

% If you replace them, all router certs issued using these keys

% will be removed.

% Do you really want to replace them? [yes/no]: yes

RYPTO_PKI: Imported PKCS12 file successfully.

webvpn(config)#

*May 5 20:16:25.883: %PKI-6-PKCS12IMPORT_SUCCESS: PKCS #12 Successfully Imported.

webvpn(config)# webvpn gateway test123

webvpn(config-webvpn-gateway)# ip address 2.100.100.77

webvpn(config-webvpn-gateway)# ssl trustpoint test123

*May 5 20:16:43.683: %WEBVPN-6-PKI_SERVICE_CERT_INSTALL: Proxy: test123, Trustpoint:

test123, Key: test123, Serial#: 01, Index: 10

*May 5 20:16:43.683: %WEBVPN-6-PKI_CA_CERT_INSTALL: Root, Subject Name:

cn=testca.cisco.com,ou=Security,o=Cisco Systems Inc,l=San Jose,st=California,c=US, 
Serial#: 00, Index: 11

webvpn(config-webvpn-gateway)# inservice 

webvpn(config-webvpn-gateway)# exit

webvpn(config)#

*May 5 20:16:46.159: %SSLVPN-5-UPDOWN: sslvpn gateway : test123 changed state to UP

webvpn# show webvpn gateway test123

Admin Status: up

Operation Status: up

IP: 2.100.100.77, port: 443 

TCP Policy not configured

SSL Policy not configured

SSL Trustpoint: test123

  Certificate chain for new connections:

    Certificate:

       Key Label: test123, 1024-bit, not exportable

       Key Timestamp: 20:16:25 UTC May 5 2005

       Serial Number: 01

    Root CA Certificate:

       Serial Number: 00

  rsa-general-purpose certificate

  Certificate chain complete 

webvpn#