Open as PDF
418 CHAPTER 20: MANAGING KEYS AND CERTIFICATES
Generated by MSS
The first time you boot a switch with MSS Version 4.2 or later, MSS
automatically generates keys and self-signed certificates, in cases where
certificates are not already configured or installed. MSS can automatically
generate all the following types of certificates and their keys:
Admin (required for administrative access to the switch by Web
Manager or 3Com Wireless Switch Manager)
EAP (required for 802.1X user access through the switch)
Web (required for WebAAA user access through the switch)
The keys are 512 bytes long.
MSS automatically generates self-signed certificates only in cases where
no certificate is already configured. MSS does not replace self-signed
certificates or CA-signed certificates that are already configured on the
switch. You can replace an automatically generated certificate by creating
another self-signed one or by installing a CA-signed one. To use a longer
key, configure the key before creating the new certificate (or certificate
request, if you plan to install a CA-signed certificate).
If generated by MSS Version 4.2.3 or later, the automatically generated
certificates are valid for three years, beginning one week before the time
and date on the switch when the certificate is generated.
PKCS #12 Personal Information
Exchange Syntax Standard
Contains a certificate signed by a CA and
a public-private key pair provided by the
CA to go with the certificate.
Because the key pair comes from the CA,
you do not need to generate a key pair or
a certificate request on the switch.
Instead, use the copy tftp command to
copy the file onto the WX switch.
Use the crypto otp command to enter
the one-time password assigned to the
file by the CA. (This password secures the
file so that the keys and certificate cannot
be installed by an unauthorized party.
You must know the password in order to
Use the crypto pkcs12 command to
unpack the file.
Table 36 PKCS Object Files Supported by 3Com (continued)
File Type Standard Purpose