3Com WX4400 3CRWX440095A User Manual

424

C

HAPTER

20: M

ANAGING

K

EYS

AND

C

ERTIFICATES

Creating a CSR and

Installing a Certificate

from a PKCS #7

Object File

After creating a public-private key pair, you can obtain a signed certificate
of authenticity from a CA by generating a Certificate Signing Request
(CSR) from the WX switch. A CSR is a text block with an encoded request
for a signed certificate from the CA.

Many certificate authorities have their own unique requirements. Follow
the instructions in the documentation for your CA to properly format the
fields you complete when generating a CSR.

1 To generate a request for a CA-signed certificate, use the following

command:

crypto generate request {admin | eap | web}

When prompted, enter values for each of six identification fields.

You must include a common name (string) when you generate a CSR.
Use a fully qualified name if such names are supported on your network.
The other information is optional. For example:

You must paste the entire block, from the beginning
-----BEGIN CERTIFICATE REQUEST----- to the end
-----END CERTIFICATE REQUEST-----.

# crypto generate request admin
Country Name: US
State Name: MI
Locality Name: Detroit
Organizational Name: example
Organizational Unit: eng
Common Name: WX-34
Email Address: [email protected]
Unstructured Name: south tower, wiring closet 125

When completed successfully, the command returns a Privacy-Enhanced
Mail (PEM)-formatted PKCS #10 CSR. PEM encoding is a way of
representing a non-ASCII file format in ASCII characters. The encoded
object is the PKCS #10 CSR. Give the CSR to a CA and receive a signed
certificate (a PEM-encoded PKCS #7 object file).

1 To install a certificate from a PKCS #7 file, use the following command to

prepare the switch to receive it:

crypto certificate {admin | eap | web} PEM-formatted
certificate