Allied Telesis AT-S63 User Manual
Page 609

AT-S63 Management Software Command Line Interface User’s Guide
Section VIII: Management Security
609
2. This command creates a self-signed certificate using the key created
in step 1. The certificate is assigned the filename “Sw12cert.cer. (The 
“.cer” extension is not included in the command because it is added 
automatically by the management software.) The certificate is 
assigned the serial number 0 and a distinguished name of 
149.11.11.11, which is the IP address of a master switch:
create pki certificate=Sw12cert keypair=4 serialnumber=0 
subject="cn=149.11.11.11"
3. This command adds the new certificate to the certificate database. The
certificate is given a description of “Switch 12 certificate”:
add pki certificate="Switch 12 certificate" 
location=Sw12cert.cer
4. This command disables the web server:
disable http server
5. This command configures the web server by activating HTTPS and
specifying the encryption key pair created in step 1:
set http server security=enabled sslkeyid=4
6. This command enables the web server:
enable http server
General Configuration Steps for a CA Certificate
Below are the steps to configuring the switch’s web server for CA 
certificates using the command line commands. The steps explain how to 
create an encryption key and a self-signed certificate, and how to 
configure the web server for the certificate:
1. Set the switch’s date and time. You can do this manually using the
“SET DATE” on page 95 or you can configure the switch to obtain the 
date and time from an SNTP server using “ADD SNTPSERVER 
PEER|IPADDRESS” on page 90.
2. Create an encryption key pair using “CREATE ENCO KEY” on
page 614 (syntax 1).
3. Set the switch’s distinguished name using “SET SYSTEM
DISTINGUISHEDNAME” on page 634.
4. Create an enrollment request using “CREATE PKI
