Saving or exporting certificates and keys, Updating certificates – Nortel Networks 5500 series User Manual

Managing certificates

If you do not generate a CSR but obtain the certificate by other means,
you must take additional steps to add a private key that corresponds to
the public key of the certificate (see “Adding a private key to the Nortel
SNAS” (page 312)).

If you use the certificate index number of an installed certificate when
adding a new certificate, the installed certificate is overwritten.

After you have installed the certificate, map it to the Nortel SNAS portal
(see “Configuring SSL settings” (page 102)).

Saving or exporting certificates and keys

You can extract copies of certificates and keys to save as backup or to
install on another device.

There are two ways to retrieve a certificate and key from the Nortel SNAS
cluster:

• by copying (see “Displaying or saving a certificate and key” (page 316))

• by exporting to a TFTP/FTP/SCP/SFTP server (see “Exporting a
  certificate and key from the Nortel SNAS” (page 318))

The copy-and-paste method saves the certificate and key in PEM format.

The export method allows you to choose from a variety of file formats.
Nortel recommends using the PKCS12 format (also known as PFX). Most
web browsers accept importing a combined key and certificate file in the
PKCS12 format. For more information about the formats supported on the
Nortel SNAS, see “Key and certificate formats” (page 298).
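
A workstation-side check for the two points above, added here as an example that is not part of the Nortel manual: before adding a private key to a certificate obtained by other means, or bundling a PEM copy into PKCS12, confirm that the key corresponds to the certificate's public key. It assumes an admin workstation with OpenSSL; the function names and file arguments are assumptions, and nothing in it is a Nortel SNAS CLI command.

```shell
#!/bin/sh
# Added example for an admin workstation with OpenSSL; not Nortel SNAS CLI.
# Function names and file arguments are assumptions made for illustration.

# Return 0 only when the private key in $2 corresponds to the public key of
# the certificate in $1 (both PEM). Return 2 when either file cannot be parsed.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Bundle a PEM certificate and key into one PKCS12 (PFX) file.
# usage: bundle_pkcs12 cert.pem key.pem out.p12 passphrase-file
# Refuses to write anything unless the pair matches; the passphrase is read
# from a file so that it never appears in the process list.
bundle_pkcs12() {
    if ! cert_matches_key "$1" "$2"; then
        echo "refusing to bundle: key does not match certificate" >&2
        return 1
    fi
    ( umask 077    # the bundle holds the private key: owner-only permissions
      openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -passout "file:$4" )
}

# Direct use: sh check_pair.sh cert.pem key.pem
if [ "$#" -eq 2 ]; then
    if cert_matches_key "$1" "$2"; then
        echo "OK: private key corresponds to the certificate"
    else
        echo "MISMATCH or unreadable input" >&2
        exit 1
    fi
fi
```
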

Updating certificates

To update or renew an existing certificate, do not replace the existing
certificate by using its certificate number when you generate the CSR or
add the new certificate. Rather, keep the existing certificate until you have
verified that the new certificate works as designed.

The recommended steps to update an existing certificate are:

Step  Action

1     Check the certificate numbers currently in use to identify an
      unused certificate number.

      In the CLI, use the /cfg/cur cert command. In the SREM, use the
      Certificates > Certificates screen to add a new certificate.

Nortel Secure Network Access Switch
Using the Command Line Interface
NN47230-100 03.01 Standard
28 July 2008

Copyright © 2007, 2008 Nortel Networks.
