Certificate management, Generating a self-signed certificate – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual

102

Brocade Virtual ADX Security Guide

53-1003250-01

Configuring SSL on a Brocade Virtual ADX

6

NOTE

The Brocade Virtual ADX does not support key strength greater than 2048 bits.

The password variable specifies the password to the file. The password should not exceed
64 characters in length.

Once a key pair is generated, it can be saved for backup on your server by exporting it as described
in “Importing keys and certificates” on page 109.

Also, you can import a keypair file (instead of generating it) as described in “Importing keys and
certificates” on page 109.

NOTE

The Brocade Virtual ADX supports keys in PEM (Privacy Enhanced Mail) or PKCS12 (Public Key
Cryptography Standard 12) formats.
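
A pre-import check for the limits stated above, as an added example (not code from the Brocade manual or the device): it reads an unencrypted PKCS#1 PEM key file, compares the RSA modulus size with the 2048-bit limit, and checks the password against the 64-character limit. The function names and the constructed sample key are assumptions made for illustration; PKCS12 files and encrypted PEM blocks are reported rather than parsed.

```python
import base64
import re

MAX_KEY_BITS = 2048       # page NOTE: key strength above 2048 bits is not supported
MAX_PASSWORD_LEN = 64     # page: the password should not exceed 64 characters

def read_tlv(buf, pos):   # -> (tag, value_start, value_end) of the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER structure")
    return tag, pos, pos + length

def rsa_modulus_bits(pem_text):
    """Modulus size in bits of an unencrypted PKCS#1 RSA private key in PEM."""
    m = re.search(r"-----BEGIN RSA PRIVATE KEY-----(.*?)-----END RSA PRIVATE KEY-----", pem_text, re.S)
    if not m:
        raise ValueError("no PKCS#1 'RSA PRIVATE KEY' PEM block found")
    if "Proc-Type:" in m.group(1):          # header of a traditionally encrypted PEM key
        raise ValueError("PEM block is encrypted; check a decrypted copy")
    der = base64.b64decode("".join(m.group(1).split()))
    seq_tag, pos, _ = read_tlv(der, 0)          # RSAPrivateKey SEQUENCE
    ver_tag, _, pos = read_tlv(der, pos)        # version INTEGER
    mod_tag, start, end = read_tlv(der, pos)    # modulus INTEGER
    if (seq_tag, ver_tag, mod_tag) != (0x30, 0x02, 0x02):
        raise ValueError("not a PKCS#1 RSAPrivateKey structure")
    return int.from_bytes(der[start:end], "big").bit_length()

def preimport_problems(pem_text, password):   # -> list of reasons the file would not fit
    problems = []
    if len(password) > MAX_PASSWORD_LEN:
        problems.append(f"password is {len(password)} characters, limit is {MAX_PASSWORD_LEN}")
    try:
        bits = rsa_modulus_bits(pem_text)
        if bits > MAX_KEY_BITS:
            problems.append(f"key is {bits} bits, limit is {MAX_KEY_BITS}")
    except (ValueError, IndexError) as exc:
        problems.append(str(exc) or "unparseable key data")
    return problems

def constructed_pem(bits):
    """Constructed sample (bits >= 2048): PKCS#1-shaped DER, dummy modulus, not a usable key."""
    def wrap(tag, value):                   # two-byte long-form length, valid for 256..65535 bytes
        return bytes([tag, 0x82]) + len(value).to_bytes(2, "big") + value
    modulus = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    der = wrap(0x30, b"\x02\x01\x00" + wrap(0x02, modulus))
    return "-----BEGIN RSA PRIVATE KEY-----\n" + base64.encodebytes(der).decode() + "-----END RSA PRIVATE KEY-----\n"
```

An empty list from `preimport_problems` means the file and password fit the two stated limits; it does not validate the key itself.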

Certificate management

All configuration options used with the SSL features of the Brocade Virtual ADX require that you
obtain a certificate and upload it to the system. The following methods can be used to obtain a
certificate.

“Generating a self-signed certificate” on page 102

“Using CA-signed certificates” on page 103

“Exporting web server certificates” on page 104

Once a digital certificate and a keypair are obtained, you can import them to the Brocade Virtual
ADX using the procedures described in “Importing keys and certificates” on page 109. This section
also describes how to configure a list of certificates that have been revoked by a CA in “Importing
keys and certificates” on page 109.

Generating a self-signed certificate

Before generating a self-signed certificate, you must obtain an RSA key pair as described in
“Obtaining a Brocade Virtual ADX keypair file” on page 101.

Once you’ve obtained the RSA key pair, you can generate a self-signed certificate as shown in the
following example.

Virtual ADX#ssl gencert certkey testkey signkey testkey brocade123 testcert
You are about to be asked to enter information that will be incorporated into
your certificate request. The information you enter is what is called a
Distinguished Name or a DN.
Country name (2 letter code) [US] US
State or province (full name) [Some state] TX
Locality name (city) [Some city] Dallas
Organization name (Company name) Brocade
Organizational unit name (department) Engineering
Common name (your domain name) www.brocade.com
Email address [[email protected]] [email protected]

Syntax: ssl gencert certkey key-pair-file signkey key-pair-file password cert-name

The key-pair-file variable is the name of the RSA key pair used to build and sign this certificate. It is
created using the ssl genrsa command.