Allied Telesis AT-S63 User Manual
Page 656

Chapter 37: Web Server Commands
656
Section IX: Management Security
5. Upload the enrollment request from the switch to a management
station or FTP server using “UPLOAD METHOD=XMODEM” on 
page 220 or “UPLOAD METHOD=TFTP” on page 217.
6. Submit the enrollment request to a CA.
7. After you have received the CA certificates, download them into the
switch’s file system using “LOAD METHOD=XMODEM” on page 207 
or “LOAD METHOD=TFTP” on page 202.
8. Add the CA certificates to the certificate database using “ADD PKI
9. Disable the switch’s web server using the command “DISABLE HTTP
10. Configure the web server using “SET HTTP SERVER” on page 653.
11. Activate the web server using “ENABLE HTTP SERVER” on page 651
The following is an example of the command sequence for configuring the 
web server for CA certificates. It explains how to create an encryption key 
and enrollment request, and how to download the CA certificates on the 
switch. (The example does not include step 1, setting the system time, and 
the procedure for submitting the request to a CA, which will vary 
depending on the enrollment requirements of the CA.) 
1. This command creates the encryption key pair with an ID of 8, a length
of 512 bits, and the description “Switch 24 key”:
create enco key=8 type=rsa length=512 description="Switch 
24 key"
2. This command sets the switch’s distinguished name to the IP address
149.44.44.44, which is the IP address of a master switch:
set system distinguishedname="cn=149.44.44.44"
3. This command creates an enrollment request using the encryption key
created in step 1. It assigns the request the filename “sw24cer.csr”. 
The command omits the “.csr” extension because the management 
software adds it automatically:
create pki enrollmentrequest=sw24cer
keypair=8
4. This command uploads the enrollment request from the switch’s file
system to a TFTP server. The command assumes that the TFTP 
server has the IP address 149.88.88.88. (This step could also be 
performed using Xmodem.)
upload method=tftp destfile=c:sw24cer.csr 
server=149.88.88.88 file=sw24cer.csr
