Can't find what you need?


• Ask the Community
• Create a Case
Reset Search
 

 

Article

HOW TO Install a Signed Subject, Intermediate and Root Certificate in ERS 4900, 5900 BOSS

« Go Back

Information

 
TitleHOW TO Install a Signed Subject, Intermediate and Root Certificate in ERS 4900, 5900 BOSS
Objective
  • Install a signed Subject, Intermediate and/or Root certificate.
  • Enable Secure HTTPS Web Server
Environment
  • ERS 4900
  • ERS 5900
  • BOSS Software Release 7.6.0.007 or later
Procedure
NOTE: The Subject certificate must be signed using either SHA1 or SHA2-256. All other algorithms are unsupported.
NOTE: The Subject, Intermediate and Root certificates must be in PEM format. The key must be unencrypted.
NOTE: The Subject certificate and private key may be in separate files or the same file.
  1. Install the Root CA certificate:
certificate ca <CA_name> import sftp address <sftp_server_ip>00 filename <rootca_cert.crt> username <sftp_username>
  1. [OPTIONAL] Install the Intermediate CA certificate:
certificate ca <CA_name> import sftp address <sftp_server_ip> filename <interca.crt> username <sftp_username>
  1. Install the Subject certificate:
certificate ca <CA_name> import sftp address <sftp_server_ip> filename <subjectcert.crt> username <sftp_username>
  1. Install the Subject certificate private key:
certificate key <KEY_name> import sftp address <sftp_server_ip> filename <subjectcertkey.pem> username <sftp_username>
  1. Associate the CA with the KEY and the web server:
certificate ca <CA_name> key-name <KEY_name> use-for ssl-server
ssl
Additional notes
Alternatively use the following script template substituting <..> values:
enable
config terminal
sshc authentication password
certificate ca <CA_name> import sftp address <sftp_server_ip> filename MyBOSSRootCA.crt username <sftp_username>
<sftp_username>
certificate ca <CA_name> import sftp address <sftp_server_ip> filename MyBOSSInterCA.crt username <sftp_username>
<sftp_username>
certificate ca <CA_name> import sftp address <sftp_server_ip> filename MyBOSSSubjectCert.crt username <sftp_username>
<sftp_username>
certificate key <KEY_name> import sftp address <sftp_server_ip> filename MyBOSSSubjectCert.pem username <sftp_username>
<sftp_username>
certificate ca <CA_name> common-name <your_subject_cert_cn>
certificate ca <CA_name> key-name <KEY_name> use-for ssl-server
ssl

An example:
enable
config terminal
sshc authentication password
certificate ca myca import sftp address 5.5.5.5 filename MyBOSSRootCA.crt username admin
admin
certificate ca myca import sftp address 5.5.5.5 filename MyBOSSInterCA.crt username admin
admin
certificate ca myca import sftp address 5.5.5.5 filename MyBOSSSubjectCert.crt username admin
admin
certificate key mykey import sftp address 5.5.5.5 filename MyBOSSSubjectCert.pem username admin
admin
certificate ca myca common-name boss.extremenetworks.com
certificate ca myca key-name mykey use-for ssl-server
ssl

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255