Allied Telesis AT-9000/12POE Switch User Manual


 
AT-9000 Switch Command Line User’s Guide
1337
Creating a Self-signed Certificate
Here are the main steps for configuring the switch to use a self-signed
certificate:
1. Create a new self-signed certificate with “CRYPTO CERTIFICATE
GENERATE” on page 1349, in the Global Configuration mode. The
command has this format:
crypto certificate id_number generate length passphrase common_name organizational_unit organization location state country duration
The ID_NUMBER parameter is a value from 1 to 10 that uniquely
identifies the certificate on the switch. Since the switch cannot have
more than eight certificates, and since only one certificate can be
active at a time, you probably will not create more than one or two
certificates.
The LENGTH parameter specifies the length in bits of the encryption key
of the certificate. The range is 512 to 1536 bits.
The PASSPHRASE parameter consists of 4 to 20 alphanumeric
characters that are used to export the certificate in PKCS12 file format.
Although the switch does not allow you to export certificates, you are
still required to include a value for this parameter in the command.
The COMMON_NAME, ORGANIZATIONAL_UNIT, ORGANIZATION,
LOCATION, STATE, and COUNTRY parameters make up the
distinguished name of the certificate. All of these parameters, with the
exception of the COUNTRY parameter, have lengths up to 64
characters. Spaces and special characters are not allowed.
The COUNTRY parameter is the two-character ISO 3166-1 initials of
the country, in uppercase letters.
2. After creating the self-signed certificate, designate it as the active
certificate on the switch with “IP HTTPS CERTIFICATE” on
page 1356, in the Global Configuration mode. The command has this
format:
ip https certificate id_number
The ID_NUMBER parameter is the ID number of the new certificate
you created in step 1.
3. Activate the HTTPS web browser server with “SERVICE HTTPS” on
page 1355, in the Global Configuration mode. This command has no
parameters.
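
The three steps above can be checked before they are typed into the switch. The following Python sketch is an added example, not part of the manual or of Allied Telesis software: it validates each parameter against the limits stated above and returns the command sequence, with a warning when the key length is below the switch maximum. The function name, the strict letters-and-digits reading of "no special characters", and the treatment of duration as a positive integer are assumptions.

```python
import re

# Limits taken from the parameter descriptions above.
ID_RANGE, KEY_BITS = (1, 10), (512, 1536)
PASSPHRASE_RE = re.compile(r"[A-Za-z0-9]{4,20}")
# Assumption: "no spaces or special characters" is read strictly as ASCII
# letters and digits; confirm the permitted set in the command reference.
DN_RE = re.compile(r"[A-Za-z0-9]{1,64}")
COUNTRY_RE = re.compile(r"[A-Z]{2}")
DN_FIELDS = ("common_name", "organizational_unit", "organization", "location", "state")


def build_commands(id_number, length, passphrase, dn, country, duration):
    """Return (commands, warnings); raise ValueError on a bad parameter."""
    if not ID_RANGE[0] <= id_number <= ID_RANGE[1]:
        raise ValueError("id_number must be 1 to 10")
    if not KEY_BITS[0] <= length <= KEY_BITS[1]:
        raise ValueError("length must be 512 to 1536 bits")
    if not PASSPHRASE_RE.fullmatch(passphrase):
        raise ValueError("passphrase must be 4 to 20 alphanumeric characters")
    for field in DN_FIELDS:
        if not DN_RE.fullmatch(dn.get(field, "")):
            raise ValueError(f"{field}: 1 to 64 characters, no spaces or specials")
    if not COUNTRY_RE.fullmatch(country):
        raise ValueError("country must be two uppercase letters")
    # Assumption: duration is a positive integer; the page gives no range or unit.
    if not isinstance(duration, int) or duration < 1:
        raise ValueError("duration must be a positive integer")

    warnings = []
    if length < KEY_BITS[1]:
        warnings.append(f"key length {length} is below the switch maximum of "
                        f"{KEY_BITS[1]} bits; shorter keys are easier to break")
    dn_args = " ".join(dn[f] for f in DN_FIELDS)
    commands = [
        f"crypto certificate {id_number} generate {length} {passphrase} "
        f"{dn_args} {country} {duration}",    # step 1
        f"ip https certificate {id_number}",  # step 2
        "service https",                      # step 3
    ]
    return commands, warnings


if __name__ == "__main__":
    # Constructed sample values, not taken from the manual.
    sample_dn = {"common_name": "switch1", "organizational_unit": "IT",
                 "organization": "ExampleCorp", "location": "SanJose", "state": "California"}
    cmds, warns = build_commands(1, 1024, "Export1234", sample_dn, "US", 365)
    print("\n".join(cmds + ["! " + w for w in warns]))
```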