3Com WX2200 3CRWX220095A Switch User Manual


 
424 CHAPTER 20: MANAGING KEYS AND CERTIFICATES
Creating a CSR and
Installing a Certificate
from a PKCS #7
Object File
After creating a public-private key pair, you can obtain a signed certificate
of authenticity from a CA by generating a Certificate Signing Request
(CSR) from the WX switch. A CSR is a text block with an encoded request
for a signed certificate from the CA.
Many certificate authorities have their own unique requirements. Follow
the instructions in the documentation for your CA to properly format the
fields you complete when generating a CSR.
1 To generate a request for a CA-signed certificate, use the following
command:
crypto generate request {admin | eap | web}
When prompted, enter values for each of six identification fields.
You must include a common name (string) when you generate a CSR.
Use a fully qualified name if such names are supported on your network.
The other information is optional. For example:
You must paste the entire block, from the beginning
-----BEGIN CERTIFICATE REQUEST----- to the end
-----END CERTIFICATE REQUEST-----.
# crypto generate request admin
Country Name: US
State Name: MI
Locality Name: Detroit
Organizational Name: example
Organizational Unit: eng
Common Name: WX-34
Email Address: admin@example.com
Unstructured Name: south tower, wiring closet 125
When completed successfully, the command returns a Privacy-Enhanced
Mail (PEM)-formatted PKCS #10 CSR. PEM encoding is a way of
representing a non-ASCII file format in ASCII characters. The encoded
object is the PKCS #10 CSR. Give the CSR to a CA and receive a signed
certificate (a PEM-encoded PKCS #7 object file).
1 To install a certificate from a PKCS #7 file, use the following command to
prepare the switch to receive it:
crypto certificate {admin | eap | web} PEM-formatted
certificate