Hi there,

I have searched for information on how to install an SSL key + certificate on our SR520 from the CLI. I have found the following document, but that did not help much.

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6657/prod_white_paper0900aecd8051ac50.html

I basically have the following files that I need to install:

Key file:

domainname.key

Certificates file:

AddTrustExternalCARoot.crt

domainname.crt

UTNAddTrustServerCA.crt

On our Apache2 servers I would basically specify:

SSLEngine on

SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile /etc/apache2/ssl/domeinname.crt

SSLCertificateKeyFile /etc/apache2/ssl/domainname.key

SSLCertificateChainFile /etc/apache2/ssl/AddTrustExternalCARoot.crt

SSLCertificateChainFile /etc/apache2/ssl/UTNAddTrustServerCA.crt

What is the proper way to

a) upload the keyfile to the SR520

b) upload the three certificates to the SR520

c) use this information

Do I have to convert the files into something else?

The current relevant bits from our configuration (with a default self-signed certificate) are:

crypto pki trustpoint TP-self-signed-480304325

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-480304325

revocation-check none

rsakeypair TP-self-signed-480304325

!

!

crypto pki certificate chain TP-self-signed-480304325

certificate self-signed 01

  3082023F 308201A8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030

... (etc)

...

  6F89864D 0EBF5B0C 10CBC43F CC30D94C 510DBF33 B14C441C ED9475D4 2AF700B8 86E59B

            quit