
local-custom-cert

local-custom-cert local-mac <lmac> ca-cert <ca> server-cert <cert> load-balance suite-b <gcm-128 | gcm-256>

Description

This command configures the user-installed certificate for secure communication between a managed device and a Mobility Master.

Syntax

Parameter

Description

<lmac>

MAC (Media Access Control) address of the managed device with a local custom certificate.

ca-cert <ca>

User-defined name of a trusted CA (Certificate Authority) certificate installed on the managed device. Use the show crypto-local pki TrustedCA command to display the CA certificates that have been imported into the managed device.

server-cert <cert>

User-defined name of a server certificate installed on the managed device. Use the show crypto-local pki ServerCert command to display the server certificates that have been imported into the managed device.

suite-b

If you configure your Mobility Master to use IKEv2 (Internet Key Exchange version 2) and custom-installed certificates, you can optionally use Suite-B cryptographic algorithms for IPsec encryption. Specify one of the following options:

gcm-128: Use 128-bit AES-GCM Suite-B encryption

gcm-256: Use 256-bit AES-GCM Suite-B encryption

Usage Guidelines

Use this command on a Mobility Master to configure the custom certificate for communication with a managed device. On the managed device, use the masterip command to configure the IP address and certificates for the Mobility Master. If your Mobility Master and managed devices use certificates for authentication, the IPsec tunnel will be created using IKEv2.

When a managed device communicates with Mobility Master to set up IPsec tunnels, the uplink VLAN tag configured via the uplink command will be sent along in the vendor-id payload during IKE negotiation. This will uniquely bind the tunnel from a particular uplink on the managed device to a corresponding map on Mobility Master.

Example

The following command configures the managed device with a user-installed certificate:

(host) [mynode] (config) #local-custom-cert local-mac 00:16:CF:AF:3E:E1 ca-cert cacert1 server-cert servercert1
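
An added example, not part of the ArubaOS documentation: a Python check over a saved configuration that parses each local-custom-cert line according to the syntax above and reports malformed MAC addresses, unknown suite-b options, MAC addresses configured more than once, and entries with no suite-b option. It assumes the saved configuration stores the command as typed and that load-balance and suite-b are optional trailing keywords; the function name and the sample lines are constructed for illustration.

```python
import re

# Grammar follows the syntax line on this page. Treating load-balance and
# suite-b as optional trailing keywords is an assumption of this example.
LINE_RE = re.compile(
    r"^\s*local-custom-cert\s+local-mac\s+(?P<mac>\S+)"
    r"\s+ca-cert\s+(?P<ca>\S+)\s+server-cert\s+(?P<cert>\S+)"
    r"(?P<lb>\s+load-balance)?(?:\s+suite-b\s+(?P<suite>\S+))?\s*$"
)
MAC_RE = re.compile(r"^(?:[0-9A-F]{2}:){5}[0-9A-F]{2}$")
SUITES = {"gcm-128", "gcm-256"}  # the two options the page lists

# Constructed sample input; assumes saved config holds the command as typed.
SAMPLE_CONFIG = """\
local-custom-cert local-mac 00:16:CF:AF:3E:E1 ca-cert cacert1 server-cert servercert1
local-custom-cert local-mac 00:16:cf:af:3e:e2 ca-cert cacert1 server-cert servercert2 suite-b gcm-256
local-custom-cert local-mac 00:16:CF:AF:3E ca-cert cacert1 server-cert servercert3
local-custom-cert local-mac 00:16:CF:AF:3E:E3 ca-cert cacert2 server-cert servercert4 suite-b gcm-192
local-custom-cert local-mac 00:16:CF:AF:3E:E2 ca-cert cacert1 server-cert servercert5 load-balance suite-b gcm-128
"""


def audit_local_custom_certs(config_text):
    """Return (entries, findings); findings are (line_number, message)."""
    entries, findings, first_seen = [], [], {}
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        if not raw.lstrip().startswith("local-custom-cert"):
            continue
        m = LINE_RE.match(raw)
        if m is None:
            findings.append((lineno, "unparseable local-custom-cert line"))
            continue
        mac, suite = m["mac"].upper(), m["suite"]
        if not MAC_RE.match(mac):
            findings.append((lineno, f"malformed MAC address {m['mac']}"))
            continue
        if suite is not None and suite not in SUITES:
            findings.append((lineno, f"unknown suite-b option {suite}"))
            continue
        if mac in first_seen:
            findings.append((lineno, f"{mac} already set on line {first_seen[mac]}"))
        first_seen.setdefault(mac, lineno)
        entries.append({"line": lineno, "local_mac": mac, "ca_cert": m["ca"],
                        "server_cert": m["cert"], "load_balance": bool(m["lb"]),
                        "suite_b": suite})
        if suite is None:
            findings.append((lineno, f"{mac} has no suite-b option set"))
    return entries, findings
```

Compare the ca_cert and server_cert names in the returned entries against the output of show crypto-local pki TrustedCA and show crypto-local pki ServerCert to confirm that each referenced certificate has actually been imported.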

Related Commands

Command

Description

show local-cert-mac

Display the IP, MAC address and certificate configuration of managed devices.

Command History

Release

Modification

ArubaOS 8.0.0.0

Command introduced.

Command Information

Platforms: Available on all platforms

License: The suite-b gcm-128 and suite-b gcm-256 encryption options for IPsec custom certificates require the Advanced Cryptography license. All other parameters are available in the base operating system.

Command Mode: Config mode on Mobility Master.
