Managing Keys and Certificates 397Nortel WLAN Security Switch 2300 Series Configuration GuideInstalling CA-Signed Certificates from PKCS #12 Object FilesThis scenario shows how to use PKCS #12 object files to install public-private key pairs, CA-signed certificates, and CAcertifies for administrative access, 802.1X (EAP) access, and Web AAA access.1 Set time and date parameters, if not already set. (See “Configuring and Managing Time Parameters” onpage 136.)2 Obtain PKCS #12 object files from a certificate authority.3 Copy the PKCS #12 object files to nonvolatile storage on the WSS. Use the following command:copy tftp://filename local-filenameFor example, to copy PKCS #12 files named 2048admn.p12, 20481x.p12, and 2048web.p12 from theTFTP server at the address 192.168.253.1, type the following commands:23x0# copy tftp://192.168.253.1/2048admn.p12 2048admn.p12success: received 637 bytes in 0.253 seconds [ 2517 bytes/sec]23x0# copy tftp://192.168.253.1/20481x.p12 20481x.p12success: received 637 bytes in 0.253 seconds [ 2517 bytes/sec]23x0# copy tftp://192.168.253.1/2048web.p12 2048web.p12success: received 637 bytes in 0.253 seconds [ 2517 bytes/sec]4 Enter the one-time passwords (OTPs) for the PKCS #12 object files. The OTP protects the PKCS #12file.To enter a one-time password, use the following command:crypto otp {admin | eap | webaaa} one-time-passwordFor example:23x0# crypto otp admin SeC%#6@o%cOTP set23x0# crypto otp eap SeC%#6@o%dOTP set23x0# crypto otp web SeC%#6@o%eOTP set5 Unpack the PKCS #12 object files into the certificate and key storage area on the WSS switch. Use thefollowing command:crypto pkcs12 {admin | eap | webaaa} filenameThe filename is the location of the file on the WSS switch.For example:23x0# crypto pkcs12 admin 2048admn.p12Unwrapped from PKCS12 file:keypairdevice certificateCA certificate