Nortel Networks 450 series Switch User Manual


 
300 Managing certificates
If you do not generate a CSR but obtain the certificate by other means,
you must take additional steps to add a private key that corresponds to
the public key of the certificate (see “Adding a private key to the Nortel
SNAS” (page 312)).
If you use the certificate index number of an installed certificate when
adding a new certificate, the installed certificate is overwritten.
After you have installed the certificate, map it to the Nortel SNAS portal
(see “Configuring SSL settings” (page 102)).
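
When the certificate was obtained without a CSR generated on the Nortel SNAS, the private key you add must correspond to the certificate's public key. The script below is an added example, not part of the Nortel manual, showing one way to confirm this on a workstation before installing either file. It assumes OpenSSL is installed and both files are unencrypted PEM; the function names, file names and the 30-day expiry threshold are hypothetical.

```shell
#!/bin/sh
# Added example (not from the Nortel manual): workstation-side pre-install check.
# Assumes OpenSSL is available and both files are unencrypted PEM.

# pubkey_of cert|key FILE -> PEM SubjectPublicKeyInfo on stdout
pubkey_of() {
    case "$1" in
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        key)  openssl pkey -in "$2" -pubout ;;
        *)    return 2 ;;
    esac 2>/dev/null
}

# preflight CERT KEY [DAYS] -> 0 ok, 1 key does not match, 2 unreadable input,
# 3 certificate expires within DAYS days (default 30)
preflight() {
    cert_pub=$(pubkey_of cert "$1") || return 2
    key_pub=$(pubkey_of key "$2") || return 2
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    # Comparing the whole public key works for RSA and EC keys alike.
    [ "$cert_pub" = "$key_pub" ] || return 1
    openssl x509 -in "$1" -noout -checkend $(( ${3:-30} * 86400 )) \
        >/dev/null 2>&1 || return 3
    return 0
}

# make_sample DIR: constructed test material (a self-signed certificate, its
# key, and an unrelated key) so the check can be tried offline.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=snas.example.test" \
        -keyout "$1/match.key" -out "$1/cert.pem" 2>/dev/null &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/other.key" 2>/dev/null
}

# Command-line use: sh preflight.sh CERT KEY [DAYS]
if [ "$#" -ge 2 ]; then
    rc=0; preflight "$@" || rc=$?
    case $rc in
        0) echo "OK: key matches certificate; certificate is not near expiry" ;;
        1) echo "FAIL: private key does not correspond to the certificate" ;;
        2) echo "FAIL: could not read the certificate or the key" ;;
        3) echo "WARN: certificate expires within the checked window" ;;
    esac
fi
```

Run the check on the workstation where the key already resides, so the private key does not have to be copied anywhere else to be tested.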
Saving or exporting certificates and keys
You can extract copies of certificates and keys to save as backup or to
install on another device.
There are two ways to retrieve a certificate and key from the Nortel SNAS
cluster:
• by copying (see “Displaying or saving a certificate and key” (page 316))
• by exporting to a TFTP/FTP/SCP/SFTP server (see “Exporting a
  certificate and key from the Nortel SNAS” (page 318))
The copy-and-paste method saves the certificate and key in PEM format.
The export method allows you to choose from a variety of file formats.
Nortel recommends using the PKCS12 format (also known as PFX). Most
web browsers accept importing a combined key and certificate file in the
PKCS12 format. For more information about the formats supported on the
Nortel SNAS, see “Key and certificate formats” (page 298).
Updating certificates
To update or renew an existing certificate, do not replace the existing
certificate by using its certificate number when you generate the CSR or
add the new certificate. Rather, keep the existing certificate until you have
verified that the new certificate works as designed.
The recommended steps to update an existing certificate are:
Step Action
1 Check the certificate numbers currently in use to identify an
unused certificate number.
In the CLI, use the /cfg/cur cert command. In the SREM,
use the Certificates > Certificates screen to add a new
certificate.
Nortel Secure Network Access Switch
Using the Command Line Interface
NN47230-100 03.01 Standard
28 July 2008
Copyright © 2007, 2008 Nortel Networks