3Com WX2200 3CRWX220095A Switch User Manual


 
Creating Keys and Certificates 421
Creating
Public-Private Key
Pairs
To use a self-signed certificate or Certificate Signing Request (CSR)
certificate for WX switch authentication, you must generate a
public-private key pair.
To create a public-private key pair, use the following command:
crypto generate key {admin | domain | eap | ssh | web}
{128 | 512 | 1024 | 2048}
Choose the key length based on your need for security or to conform
with your organization’s practices. For example, the following command
generates an administrative key pair of 1024 bits:
You must paste the entire block, from the beginning
-----BEGIN CERTIFICATE REQUEST----- to the end
-----END CERTIFICATE REQUEST-----.
# crypto generate key admin 1024
admin key pair generated
PKCS #12 object
file certificate
1 Copy a PKCS #12 object file
(public-private key pair, server
certificate, and CA certificate) from
a CA onto the WX switch.
2 Enter the one-time password to
unlock the file.
3 Unpack the file into the switch’s
certificate and key store.
“Installing a Key
Pair and Certificate
from a PKCS #12
Object File” on
page 423
Certificate Signing
Request (CSR)
certificate
1 Generate a public-private key pair
on the WX switch.
2 Generate a CSR on the switch as a
PKCS #10 object file.
3 Give the CSR to a CA and receive a
signed certificate (a PEM-encoded
PKCS #7 object file).
4 Paste the PEM-encoded file into the
CLI to store the certificate on the
WX switch.
5 Obtain and install the CA’s own
certificate.
“Creating
Public-Private
Key Pairs” on
page 421
“Creating a CSR
and Installing a
Certificate from
a PKCS #7
Object File” on
page 424
“Installing a
CA’s Own
Certificate” on
page 425
Table 37 Procedures for Creating and Validating Certificates (continued)
File Type Steps Required Instructions