150 ServerIron ADX Security Guide
53-1002440-03
Configuring SSL on a ServerIron ADX
6
c:\ scp myrsakeys.pem admin@<ip_addr>:sslkeypair:myrsakeys:brocade:pem
After uploading the keypair file, the same file can be downloaded to a client with the following
command:
c:\ scp admin@<ip_addr>:sslkeypair:myrsakeys:foundry:pem myrsakeys.pem
NOTE
The downloaded file includes the following additional block of text at the end.
----BEGIN RSA PUBLIC KEY-----
MIGJAoGBANY8/gNKT42GTweT+/c34CRxRwmaUvQQbTMgxYhHdLbo1g+6sdDcrohH
IlXVOWJH4pjt9JB1zFaM/rSBnvKGkJ67HbT7dvszQnLNtg9aZnX3i5vPjFhjm9mj
j9E9alg/3CD1GpOXH40BJBZ3F8HFYaH8EOLlp5gLf/hxAYTPDQ2DAgMBAAE=
-----END RSA PUBLIC KEY-----
This additional block of text are the public key associated with the certificate, which does not create
any issues.
Similarly, a certificate file can be uploaded to or downloaded from the ServerIron ADX. For example,
to upload the certificate file "mycertfile" to the ServerIron ADX, which is in PEM format, use the
following command:
c:\scp mycertfile admin@<ip_addr>:sslcert:mycertfile:pem
NOTE
There is no password field.
To download the same file from the ServerIron ADX back to the client, use the following command:
c:\ scp admin@<ip_addr>:sslcert:mycertfile:pem
In general, use the following commands:
To upload a key-pair to a ServerIron ADX:
Syntax: scp <key-pair-file-name><user>@<SI_IP_Addr>:sslkeypair:<filename-on-SI>:<password>:
<format>
To download a key-pair from ServerIronADX:
Syntax: scp <user>@<SI_IP_Addr>:sslkeypair:<filename_on_SI>:<password>:<format>
<key-pair-file-name>
To upload a certificate file to the ServerIronADX:
Syntax: scp <cert-file-name><user>@<SI_IP_Addr>:sslcert:<filename-on-SI>:<format>
To download a certificate file from the ServerIronADX:
Syntax: scp <user>@<SI_IP_Addr>:sslcert:<filename-on-SI>:<format><cert-file-name>
When a key-pair file or a certificate file is uploaded, you can view it using the show ssl cert
command described in “Displaying locally stored SSL certificates” on page190.
Additional Notes for PKCS12
PKCS12 format stores keys and certificates in the same file. You must use the scp keyword
keypairfile and command syntax of keypairfile while transferring a PKCS#12 file to the
ServerIronADX.
To transfer a certificate and key file in PKCS format (mypkcsfile) to a ServerIron ADX, use the
following command:
c:\ scp ./mypkcsfile.p12 admin@<ip_addr>:sslkeypair:mypkcsfile:brocade:pkcs12