
Key and certificate formats – Nortel Networks 5500 series User Manual

Page 298


Managing certificates

The Nortel SNAS can support a maximum of 1500 certificates. However,
only one server certificate can be mapped to a portal server at any one
time. For information about mapping a certificate to the portal server, see
“Configuring SSL settings” (page 102).

If you ran the quick setup wizard during initial setup, a test certificate has
been installed and mapped to the Nortel SNAS portal.

You can install new certificates or import or renew existing certificates.

ATTENTION

The Nortel SNAS supports keys and certificates created by using Apache-SSL,
OpenSSL, or Stronghold SSL. However, for greater security, Nortel recommends
creating keys and generating certificate signing requests from within the Nortel
SNAS system using the CLI or SREM. This way, the encrypted private key never
leaves the Nortel SNAS and is invisible to the user.

Key and certificate formats

The Nortel SNAS supports importing, saving, and exporting private keys
and certificates in a number of standard formats. Table 53 "Supported key
and certificate formats" (page 298) summarizes the supported formats.

Table 53
Supported key and certificate formats

| Format | Import/Add | Export/Save | Comment |
|---|---|---|---|
| PEM* | Yes | Yes | Encrypts the private key. Combines the private key and certificate in the same file. |
| DER | Yes | Yes | Does not encrypt the private key. Allows you to store the private key and certificate in separate files. |
| NET | Yes | Yes | Encrypts the private key. Allows you to store the private key and certificate in separate files. |
| PKCS12 (also known as PFX) | Yes | Yes | Encrypts the private key. Combines the private key and certificate in the same file. Most browsers allow importing a combined key and certificate file in the PKCS12 format. |
| PKCS7 | Yes | No | Certificate only. |
| PKCS8 | Yes | No | Key only (used in WebLogic). |
| MS IIS 4 | Yes | No | Key only (proprietary format). |

ATTENTION

*You must use the PEM format when:

- you save keys and certificates by copying
- you add a key or certificate by pasting
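The table distinguishes formats that encrypt the private key from DER, which does not. The following added example (not part of the Nortel manual) checks saved key material for an unprotected private key before it is stored or transferred. It assumes the file follows OpenSSL's PEM header conventions; the function names and the sample inputs are constructed for illustration.

```python
import re

# One PEM block: BEGIN line with its label, then everything up to the matching END line.
_PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def classify_pem_block(label, body):
    """Return (kind, encrypted) for one PEM block; encrypted is None for non-keys."""
    if label == "ENCRYPTED PRIVATE KEY":              # PKCS#8 EncryptedPrivateKeyInfo
        return "private key", True
    if label.endswith("PRIVATE KEY"):
        # Traditional OpenSSL keys signal encryption with a Proc-Type header line.
        return "private key", "Proc-Type: 4,ENCRYPTED" in body
    if label in ("CERTIFICATE", "X509 CERTIFICATE", "TRUSTED CERTIFICATE"):
        return "certificate", None
    if label == "PKCS7":
        return "certificate bundle", None
    return "other (" + label + ")", None

def audit_key_material(data):
    """Classify saved or exported bytes and list findings that need follow-up."""
    text = data.decode("latin-1")                     # lossless for arbitrary bytes
    blocks = [classify_pem_block(m.group(1), m.group(2))
              for m in _PEM_BLOCK.finditer(text)]
    findings = []
    if blocks:
        container = "PEM"
        for kind, encrypted in blocks:
            if kind == "private key" and not encrypted:
                findings.append("private key stored without encryption")
    elif data[:1] == b"\x30":                         # ASN.1 SEQUENCE tag
        container = "binary ASN.1 (DER, PKCS12, ...)"
        # The first byte cannot show whether a key inside is protected.
        findings.append("binary file: confirm key protection with a format-aware tool")
    else:
        container = "unknown"
    return {"container": container, "blocks": blocks, "findings": findings}

# Constructed samples: the base64 bodies are placeholders, not real keys.
SAMPLE_ENCRYPTED = (
    b"-----BEGIN RSA PRIVATE KEY-----\n"
    b"Proc-Type: 4,ENCRYPTED\n"
    b"DEK-Info: AES-256-CBC,00000000000000000000000000000000\n\n"
    b"Q09OU1RSVUNURUQ=\n"
    b"-----END RSA PRIVATE KEY-----\n"
    b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
)
SAMPLE_PLAIN = b"-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00])

if __name__ == "__main__":
    for name in ("SAMPLE_ENCRYPTED", "SAMPLE_PLAIN", "SAMPLE_DER"):
        print(name, audit_key_material(globals()[name]))
```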

Nortel Secure Network Access Switch
Using the Command Line Interface
NN47230-100 03.01 Standard
28 July 2008
Copyright © 2007, 2008 Nortel Networks.
