The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This appendix describes importing the SHA2 certificate to the Cisco Edge 340 Series. The details of creating, getting, or generating the certificate are not provided in this document.
The Cisco Edge 340 Series support certificate generated from Non-SCEP server as well.
Certificate API user should have key file of certificate with it.
Note Make sure to provide hostname of CE340 in Common Name Field while creating or getting certificate.
Following are the steps to insert certificate using Certificate API:
Step 1 To generate the Key and CSR from the CE340 CLI:
Step 2 Generate the certificate from the CA server using CE340 CSR.
Step 3 To load the certificate from the local storage, use the following command:
Upon success the # prompt will be shown on the screen after the above command is executed.
Upon failure the generic failure message will be shown on the screen and then the # prompt will be shown.
Step 4 To load the certificate from a remote server, use the following command:
Upon success the # prompt will be shown on the screen after the above command is executed.
Upon failure the generic failure message will be shown on the screen and then the # prompt will be shown.
Step 5 To verify that the newly loaded certificate is inserted, use the follow the command:
This command will display the newly inserted certificate. Upon success the # prompt will be shown on the screen after the above command is executed.
Step 6 After loading the new certificate, restart the nginx server by executing the following command:
Step 7 Check the certificate in GUI as following:
Follow these steps to get certificate from the NDES server:
Step 1 Upgrade or reimage the device with the new 1.2.0.19 patch.
Step 2 Connect to the CE340 via SSH.
Step 3 Create a file named as api.txt
by using the text editor present in CE340.
Following is a sample file. Please change the values in bold and italic according to your requirement.
Note Make sure to provide hostname of CE340 in Common Name Field while creating or getting certificate.
Step 4 Execute the following command at the same location where api.txt
was created to configure the SCEP server information:
Upon success the # prompt will be shown on the screen after the above command is executed.
Upon failure the generic failure message will be shown on the screen and then the # prompt will be shown.
Step 5 Verify that the certificate request file and private key are generated:
Upon success the # prompt will be shown on the screen after the above command is executed.
Upon failure the generic failure message will be shown on the screen and then the # prompt will be shown.
Upon success the # prompt will be shown on the screen after the above command is executed.
Upon failure the generic failure message will be shown on the screen and then the # prompt will be shown.
Step 8 Make sure the certificate is generated and saved locally on CE340:
Step 9 Make sure that relevant or valid details are present in the certificate:
Step 10 Restart the nginx server or reboot the device. This step will insert the SCEP certificate in CE340.
Step 11 Check the certificate in GUI as well as in NDES server to ensure that the correct certificate is inserted.