Nortel Networks 2300 Switch User Manual


 
Managing keys and certificates 457
Nortel WLAN—Security Switch 2300 Series Configuration Guide
Creating a CSR and installing a certificate from a PKCS #7 object file
After creating a public-private key pair, you can obtain a signed certificate of authenticity from a CA by generating a
Certificate Signing Request (CSR) from the WSS. A CSR is a text block with an encoded request for a signed certificate
from the CA.
1 To generate a request for a CA-signed certificate, use the following command:

    crypto generate request {admin | eap | web}

When prompted, enter values for each of six identification fields.
You must include a common name (string) when you generate a CSR. Use a fully qualified name if such
names are supported on your network. The other information is optional. For example:

    WSS# crypto generate request admin
    Country Name: US
    State Name: MI
    Locality Name: Detroit
    Organizational Name: example
    Organizational Unit: eng
    Common Name: WSS-34
    Email Address: admin@example.com
    Unstructured Name: south tower, wiring closet 125

When completed successfully, the command returns a Privacy-Enhanced Mail (PEM)-formatted
PKCS #10 CSR. PEM encoding is a way of representing a non-ASCII file format in ASCII characters.
The encoded object is the PKCS #10 CSR. Give the CSR to a CA and receive a signed certificate (a
PEM-encoded PKCS #7 object file).
2 To install a certificate from a PKCS #7 file, use the following command to prepare the switch to receive
it:

    crypto certificate {admin | eap | web} PEM-formatted certificate

3 Use a text editor to open the PKCS #7 file, and copy and paste the entire text block, including the
beginning and ending delimiters, into the CLI.
Note. Many certificate authorities have their own unique requirements. Follow the
instructions in the documentation for your CA to properly format the fields you complete
when generating a CSR.
Note. You must paste the entire block, from the beginning
-----BEGIN CERTIFICATE----- to the end -----END CERTIFICATE-----.
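
A completeness check for the text blocks handled in steps 1 and 3, as an added example that is not part of the Nortel guide: it confirms that a PEM block (the CSR you send or the certificate you receive) still has matching delimiters, a valid base64 body, and a DER length that agrees with its header, which catches a clipped copy before it is pasted into the CLI. The function names and the sample block are assumptions made for illustration; the sample is constructed filler, not a real certificate.

```python
import base64
import binascii
import re

# One PEM block: BEGIN line, base64 body, END line (labels captured separately).
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 #]+)-----\r?\n(.*?)\r?\n-----END ([A-Z0-9 #]+)-----",
    re.S,
)

def der_outer_length(der):
    """Total size declared by the outer DER SEQUENCE header, or None if absent."""
    if len(der) < 2 or der[0] != 0x30:        # 0x30 = SEQUENCE tag
        return None
    first = der[1]
    if first < 0x80:                          # short-form length
        return 2 + first
    n = first & 0x7F                          # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return None
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_pem_block(text):
    """Return (ok, detail) for a text block about to be pasted into the CLI."""
    m = PEM_RE.search(text)
    if not m:
        return False, "missing BEGIN or END delimiter"
    begin, body, end = m.groups()
    if begin != end:
        return False, "BEGIN/END labels differ"
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except binascii.Error:
        return False, "body is not valid base64"
    declared = der_outer_length(der)
    if declared is None:
        return False, "body is not a DER SEQUENCE"
    if declared != len(der):
        return False, "truncated or padded: header says %d bytes, got %d" % (declared, len(der))
    return True, begin                        # detail is the PEM label on success

def make_sample(label="CERTIFICATE"):
    """Constructed stand-in: a DER SEQUENCE of filler bytes, NOT a real certificate."""
    payload = bytes(range(200))
    der = b"\x30\x81" + bytes([len(payload)]) + payload
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, "\n".join(lines), label)
```

The check is structural only: it does not verify the CA signature or that the certificate matches the key pair on the switch.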