Nortel Networks 450 series Switch User Manual


 
298 Managing certificates
The Nortel SNAS can support a maximum of 1500 certificates. However,
only one server certificate can be mapped to a portal server at any one
time. For information about mapping a certificate to the portal server, see
“Configuring SSL settings” (page 102).
If you ran the quick setup wizard during initial setup, a test certificate has
been installed and mapped to the Nortel SNAS portal.
You can install new certificates or import or renew existing certificates.
ATTENTION
The Nortel SNAS supports keys and certificates created by using Apache-SSL,
OpenSSL, or Stronghold SSL. However, for greater security, Nortel recommends
creating keys and generating certificate signing requests from within the Nortel
SNAS system using the CLI or SREM. This way, the encrypted private key never
leaves the Nortel SNAS and is invisible to the user.
Key and certificate formats
The Nortel SNAS supports importing, saving, and exporting private keys
and certificates in a number of standard formats. Table 53 "Supported key
and certificate formats" (page 298) summarizes the supported formats.
Table 53
Supported key and certificate formats

Format                      Import/Add  Export/Save  Comment
PEM*                        Yes         Yes          Encrypts the private key. Combines the private key and certificate in the same file.
DER                         Yes         Yes          Does not encrypt the private key. Allows you to store the private key and certificate in separate files.
NET                         Yes         Yes          Encrypts the private key. Allows you to store the private key and certificate in separate files.
PKCS12 (also known as PFX)  Yes         Yes          Encrypts the private key. Combines the private key and certificate in the same file. Most browsers allow importing a combined key and certificate file in the PKCS12 format.
PKCS7                       Yes         No           Certificate only.
PKCS8                       Yes         No           Key only (used in WebLogic).
MS IIS 4                    Yes         No           Key only (proprietary format).

ATTENTION
*You must use the PEM format when:
- you save keys and certificates by copying
- you add a key or certificate by pasting
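
The table states that a PEM file combines the certificate with an encrypted private key. The Python check below is an added example, not part of the Nortel manual: it inspects a PEM file before it is stored or pasted and reports any private key held in cleartext. It assumes the file uses the standard OpenSSL PEM encodings (an `ENCRYPTED PRIVATE KEY` block or a `Proc-Type: 4,ENCRYPTED` header); the function names and sample data are constructed for illustration.

```python
import re

# Matches one PEM block: BEGIN line, body (optional headers + base64), matching END line.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)
# Legacy OpenSSL key encryption is signalled by this header inside the block.
LEGACY_ENCRYPTED = re.compile(r"^Proc-Type:\s*4,ENCRYPTED\s*$", re.MULTILINE)

def audit_pem(text):
    """Return [(label, kind, encrypted)] for every PEM block in text.

    kind is 'certificate', 'private-key' or 'other'; encrypted is None
    for anything that is not a private key."""
    findings = []
    for label, body in PEM_BLOCK.findall(text):
        if label.endswith("CERTIFICATE"):
            findings.append((label, "certificate", None))
        elif label == "ENCRYPTED PRIVATE KEY":  # PKCS#8 encrypted form
            findings.append((label, "private-key", True))
        elif label.endswith("PRIVATE KEY"):  # RSA/EC/DSA or cleartext PKCS#8
            findings.append((label, "private-key", bool(LEGACY_ENCRYPTED.search(body))))
        else:
            findings.append((label, "other", None))
    return findings

def cleartext_keys(text):
    """Labels of private-key blocks that are stored without encryption."""
    return [label for label, kind, enc in audit_pem(text) if kind == "private-key" and enc is False]

def is_combined(text):
    """True when the file carries both a certificate and a private key."""
    kinds = {kind for _, kind, _ in audit_pem(text)}
    return {"certificate", "private-key"} <= kinds

# Constructed samples: the base64 bodies are placeholders, not real key material.
FAKE = "Q09OU1RSVUNURUQ=\n"
CERT = "-----BEGIN CERTIFICATE-----\n" + FAKE + "-----END CERTIFICATE-----\n"
ENCRYPTED_BUNDLE = CERT + (
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-256-CBC,00000000000000000000000000000000\n\n"
    + FAKE + "-----END RSA PRIVATE KEY-----\n")
CLEARTEXT_BUNDLE = CERT + "-----BEGIN PRIVATE KEY-----\n" + FAKE + "-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    for name, sample in (("encrypted", ENCRYPTED_BUNDLE), ("cleartext", CLEARTEXT_BUNDLE)):
        print(name, "combined:", is_combined(sample), "cleartext keys:", cleartext_keys(sample))
```

A non-empty result from `cleartext_keys` means the key should be re-exported in an encrypting format before the file is copied anywhere.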
Nortel Secure Network Access Switch
Using the Command Line Interface
NN47230-100 03.01 Standard
28 July 2008
Copyright © 2007, 2008 Nortel Networks