Alcatel-Lucent 8950 AAA Computer Accessories User Manual


 
Procedures for Creating Certificates8950 AAA Certificate Manager
............................................................................................................................................................................................................................................................
365-360-001R6.0
Issue 1, December 2008
22-19
............................................................................................................................................................................................................................................................
Generating a Server Certificate
Important!
You must have a server certificate for certain EAP types, for example:
EAP-TLS, EAP-TTLS, EAP-PEAP.
1. If the aaa-cert GUI is not open, from the 8950 AAA bin directory, type:
./aaa-cert -gui
2. From the GUI select Server Certificate and click Next >
3. Enter a Common Name for your server certificate, for example, MyServerCert.
4. Enter your country if it is other than the US.
5. Enter the number of days to specify the validity of the certificate.
6. Add any additional information and click Next >
7. Enter the GNS name and click Next >
8. Enter the root file name and the password used to encrypt the root certificate private
key.
9. Enter the password for encrypting the server certificate private key.
Important! Record the password in a safe place. You will need it to generate server
and client certificates.
10. Click Next >
11. Enter the name of the root certificate file. See “Generating a Root Certificate” on
page 18.
12. Enter a name for the server certificate file you are creating, or accept the defaults, and
click Next >
13. The contents of the certificate are displayed for your review. It is not necessary to
record this information; it will be included in the file.
14. Click Generate Another Certificate to create a client certificate
OR
click Close to terminate the aaa-cert application.
Generating a Client Certificate
Important!
You must have a client certificate for certain EAP types, for example:
EAP-TLS, EAP-TTLS, EAP-PEAP.
1. If the aaa-cert GUI is not open, from the 8950 AAA bin directory type:
./aaa-cert -gui
2. From the GUI select Client Certificate and click Next >
3. Enter a Common Name for your client certificate, for example, MyClientCert.
4. Enter your country if it is other than the US.