Managing keys and certificates
NN47250-500 (320657-F Version 02.01)

Installing a key pair and certificate from a PKCS #12 object file

PKCS object files provide a file format for storing and transferring data and cryptographic information. (For more information, see “PKCS #7, PKCS #10, and PKCS #12 object files” (page 450).) A PKCS #12 object file, which you obtain from a CA, includes the private key, a certificate, and optionally the CA’s own certificate.

After transferring the PKCS #12 file from the CA via FTP and generating a one-time password to unlock it, you store the file in the WSS switch’s certificate and key store. To set and store a PKCS #12 object file, follow these steps:

1 Copy the PKCS #12 object file to nonvolatile storage on the WSS. Use the following command:

    copy tftp://filename local-filename

2 Enter a one-time password (OTP) to unlock the PKCS #12 object file. The password must be the same as the password protecting the PKCS #12 file.

  The password must contain at least 1 alphanumeric character, with no spaces, and must not include the following characters:

  ● Quotation marks (““)
  ● Question mark (?)
  ● Ampersand (&)

  To enter the one-time password, use the following command:

    crypto otp {admin | eap | web} one-time-password

3 Unpack the PKCS #12 object file into the certificate and key storage area on the WSS. Use the following command:

    crypto pkcs12 {admin | eap | web} filename

  The filename is the location of the file on the WSS.

Note. On a WSS that handles communications to or from Microsoft Windows clients, use a one-time password of 31 characters or fewer.

Note. WSS Software erases the OTP password entered with the crypto otp command when you enter the crypto pkcs12 command.
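
The password rules in step 2 and the 31-character note, as an added Python example (not part of the WSS documentation): it generates and checks an OTP before the password is used to protect the PKCS #12 file, then renders the crypto otp and crypto pkcs12 lines from steps 2 and 3. The generator alphabet, the rejection of curly as well as straight double quotes and of any whitespace, and the file name eap-cert.p12 are assumptions.

```python
import secrets
import string

ROLES = ("admin", "eap", "web")            # key store targets named in the commands
FORBIDDEN = set('"\u201c\u201d?&')         # quotation marks, question mark, ampersand
ASCII_ALNUM = set(string.ascii_letters + string.digits)
WINDOWS_MAX_LEN = 31                       # limit when Windows clients are served
# Assumption: generated OTPs use ASCII letters, digits and a few safe punctuation marks.
ALPHABET = string.ascii_letters + string.digits + "-_.+="

def validate_otp(otp, windows_clients=False):
    """Return a list of rule violations; an empty list means the OTP is acceptable."""
    problems = []
    if not any(ch in ASCII_ALNUM for ch in otp):
        problems.append("needs at least 1 alphanumeric character")
    if any(ch.isspace() for ch in otp):    # assumption: any whitespace counts as a space
        problems.append("must not contain spaces")
    bad = sorted(set(otp) & FORBIDDEN)
    if bad:
        problems.append("forbidden characters: " + " ".join(bad))
    if windows_clients and len(otp) > WINDOWS_MAX_LEN:
        problems.append(f"longer than {WINDOWS_MAX_LEN} characters")
    return problems

def generate_otp(length=24):
    """Draw a random OTP from ALPHABET with the OS CSPRNG, retrying until it validates."""
    if not 1 <= length <= WINDOWS_MAX_LEN:
        raise ValueError(f"length must be between 1 and {WINDOWS_MAX_LEN}")
    while True:
        otp = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not validate_otp(otp, windows_clients=True):
            return otp

def build_commands(role, otp, filename, windows_clients=False):
    """Render the step 2 and step 3 command lines after checking role and OTP."""
    if role not in ROLES:
        raise ValueError(f"role must be one of {ROLES}")
    problems = validate_otp(otp, windows_clients)
    if problems:
        raise ValueError("; ".join(problems))
    return [f"crypto otp {role} {otp}", f"crypto pkcs12 {role} {filename}"]

if __name__ == "__main__":
    otp = generate_otp()                   # also the password protecting the .p12 file
    for line in build_commands("eap", otp, "eap-cert.p12", windows_clients=True):
        print(line)
```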