3Com WX4400 3CRWX440095A User Manual

Page 420

CHAPTER 20: MANAGING KEYS AND CERTIFICATES

Choosing the Appropriate Certificate Installation Method for Your Network

Depending on your network environment, you can use any of the
following methods to install certificates and their public-private key pairs.
The methods differ in terms of simplicity and security. The simplest
method is also the least secure, while the most secure method is slightly
more complex to use.

• Self-signed certificate—The easiest method to use because a CA
  server is not required. The WX switch generates and signs the
  certificate itself. This method is the simplest but is also the least
  secure, because the certificate is not validated (signed) by a CA.

• PKCS #12 object file certificate—More secure than using
  self-signed certificates, but slightly less secure than using a Certificate
  Signing Request (CSR), because the private key is distributed in a file
  from the CA instead of generated by the WX switch itself. The
  PKCS #12 object file is more complex to deal with than self-signed
  certificates. However, you can use 3Com Wireless Switch Manager,
  Web Manager, or the CLI to distribute this certificate. The other two
  methods can be performed only using the CLI.

• Certificate Signing Request (CSR)—The most secure method,
  because the WX switch’s public and private keys are created on the
  WX switch itself, while the certificate comes from a trusted source
  (CA). This method requires generating the key pair, creating a CSR
  and sending it to the CA, cutting and pasting the certificate signed by
  the CA into the CLI, and then cutting and pasting the CA’s own
  certificate into the CLI.
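
The trust difference between the self-signed and CSR methods, shown as an added example that is not part of the 3Com manual. It uses the OpenSSL command-line tool on a workstation rather than WX switch CLI commands, the names Demo CA and wx.example are constructed for the illustration, and the PKCS #12 method is not covered.

```shell
#!/bin/sh
# Added illustration: OpenSSL CLI on a workstation, not WX switch commands.
# "Demo CA" and "wx.example" are constructed names.

compare_cert_methods() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        # Stand-in for the CA: its own key pair and root certificate.
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
            -keyout ca.key -out ca.crt 2>/dev/null || exit 1

        # Self-signed method: the device signs its own certificate.
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=wx.example" \
            -keyout self.key -out self.crt 2>/dev/null || exit 1

        # CSR method: key pair is generated locally; only the CSR goes to the CA.
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=wx.example" \
            -keyout dev.key -out dev.csr 2>/dev/null || exit 1
        # CA side: sign the request. The CA never sees dev.key.
        openssl x509 -req -in dev.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
            -days 30 -out dev.crt 2>/dev/null || exit 1

        # The CSR carries only the public half of the device key pair.
        csr_pub=$(openssl req -in dev.csr -noout -pubkey) || exit 1
        key_pub=$(openssl pkey -in dev.key -pubout) || exit 1
        [ "$csr_pub" = "$key_pub" ] || exit 1

        # A client that trusts only the CA certificate checks both results.
        if openssl verify -CAfile ca.crt self.crt >/dev/null 2>&1
        then s=trusted; else s=untrusted; fi
        if openssl verify -CAfile ca.crt dev.crt >/dev/null 2>&1
        then c=trusted; else c=untrusted; fi
        echo "self-signed=$s csr=$c"
    ) && rc=0 || rc=$?
    rm -rf "$work"
    return "$rc"
}

compare_cert_methods   # prints: self-signed=untrusted csr=trusted
```
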

Table 37 lists the steps required for each method and refers you to
appropriate instructions. (For complete examples, see “Key and
Certificate Configuration Scenarios” on page 427.)

Table 37 Procedures for Creating and Validating Certificates

File Type                 Steps Required                                 Instructions

Self-signed certificate   1 Generate a public-private key pair on the    “Creating Public-Private Key Pairs” on page 421
                            WX switch.
                          2 Generate a self-signed certificate on the    “Generating Self-Signed Certificates” on page 422
                            WX switch.