458 Managing keys and certificatesNN47250-500 (320657-F Version 02.01)Installing a CA’s own certificateIf you installed a CA-signed certificate from a PKCS #7 file, you must also install the PKCS #7 certificate ofthat CA. (If you used the PKCS #12 method, the CA’s certificate is usually included with the key pair andserver certificate.)To install a CA’s certificate, use the following command:crypto ca-certificate {admin | eap | web} PEM-formatted-certificateWhen prompted, paste the certificate under the prompt. For example:WSS# crypto ca-certificate adminEnter PEM-encoded certificate-----BEGIN CERTIFICATE-----MIIDwDCCA2qgAwIBAgIQL2jvuu4PO5FAQCyewU3ojANBgkqhkiG9wOBAQUFADCBmzerMClaweVQQTTooewi\wpoer0QWNFNkj90044mbdrl1277SWQ8G7DiwYUtrqoQplKJ.....Lm8wmVYxP56M;CUAm908C2foYgOY40=-----END CERTIFICATE-----Displaying certificate and key informationTo display information about certificates installed on a WSS, use the following commands:show crypto ca-certificate {admin | eap | web}show crypto certificate {admin | eap | web}For example, to display information about an administrative certificate, type the following command:WSS# show crypto certificate adminCertificate:Version: 3Serial Number: 999 (0x3e7)Subject: C=US, ST=CA, L=PLEAS, O=NRTL, OU=SQA, CN=BOBADMIN/emailAddress=BOBADMIN, unstructuredName=BOBSignature Algorithm: md5WithRSAEncryptionIssuer: C=US, ST=CA, L=PLEAS, O=NRTL, OU=SQA, CN=BOBADMIN/emailAddress=BOBADMIN, unstructuredName=BOBValidity:Not Before: Oct 19 01:57:13 2004 GMTNot After : Oct 19 01:57:13 2005 GMTThe last two rows of the display indicate the period for which the certificate is valid. Make sure the date andtime set on the switch are within the date and time range of the certificate.