Allied Telesis AT-S62 User Manual
Page 601

AT-S62 Management Software Command Line Interface User’s Guide
Section VII: Management Security
After creating a new self-signed certificate, you need to load it into the 
certificate database. The switch cannot use the certificate for encrypted 
web browser management systems until it is loaded into the database. For 
instructions, refer to “ADD PKI CERTIFICATE” on page 598.
Note
For a review of the steps for configuring the web server for a self-
signed certificate, refer to “SET HTTP SERVER” on page 583.
The CERTIFICATE parameter assigns a file name to the certificate. This is 
the name under which the certificate will be stored in the switch’s file 
system. The name can be from one to eight alphanumeric characters. If 
the name includes a space, it must be enclosed in double quotes. The 
software automatically adds the extension “.cer” to the name.
The KEYPAIR parameter specifies the ID of the encryption key that you 
want to use to create the certificate. The public key of the pair will be 
incorporated into the certificate. The key pair that you select must already 
exist on the switch. To create a key pair, refer to “CREATE ENCO KEY” on 
page 590. To view the IDs of the keys already on the switch, refer to 
“SHOW ENCO” on page 596.
The SERIALNUMBER parameter specifies the number to be inserted into 
the serial number field of the certificate. A serial number is typically used to 
distinguish a certificate from all others issued by the same issuer, in this 
case the switch. Self-signed certificates are usually assigned a serial 
number of 0.
The FORMAT parameter specifies the type of encoding the certificate will 
use. PEM is ASCII-encoded and allows the certificate to be displayed once 
it has been generated. DER encoding is binary and so cannot be 
displayed. The default is DER.
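
As an added illustration (not part of the Allied Telesis manual), the Python sketch below shows how the two FORMAT encodings relate: PEM is base64 text armor around the same DER bytes, and the SERIALNUMBER value can be read back from either form. The function names and the 12-byte sample are constructed for this example; the sample holds only the version and serial number fields, not a complete certificate.

```python
import base64

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
# Constructed sample: outer SEQUENCE, tbsCertificate SEQUENCE, version [0] = 2
# (X.509 v3) and serialNumber = 0. It is not a complete certificate.
SAMPLE_DER = bytes.fromhex("300a3008a003020102020100")

def der_to_pem(der: bytes) -> str:
    """Wrap binary DER in PEM armor: base64 text in 64-character lines."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"{BEGIN}\n{body}\n{END}\n"

def pem_to_der(pem: str) -> bytes:
    """Strip the armor and decode the base64 body back to DER bytes."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not a PEM certificate")
    return base64.b64decode("".join(lines[1:-1]), validate=True)

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def certificate_serial(der: bytes) -> int:
    """Read serialNumber: the INTEGER after the optional version field."""
    tag, start, _ = read_tlv(der, 0)            # Certificate SEQUENCE
    if tag != 0x30:
        raise ValueError("expected Certificate SEQUENCE")
    tag, start, _ = read_tlv(der, start)        # tbsCertificate SEQUENCE
    if tag != 0x30:
        raise ValueError("expected tbsCertificate SEQUENCE")
    tag, vstart, vend = read_tlv(der, start)
    if tag == 0xA0:                             # explicit [0] version: skip it
        tag, vstart, vend = read_tlv(der, vend)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    return int.from_bytes(der[vstart:vend], "big", signed=True)
```
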
The SUBJECT parameter specifies the distinguished name for the 
certificate. The name is inserted in the subject field of the certificate. Allied 
Telesyn recommends using the IP address of the master switch as the 
distinguished name (for example, “cn=149.11.11.11”). If your network has 
a Domain Name System and you mapped a name to the IP address of a 
switch, you can specify the switch’s name instead of the IP address as the 
distinguished name. For an explanation of distinguished names, refer to 
Chapter 32, “PKI Certificates and SSL” in the AT-S62 Management 
Software Menus Interface User’s Guide.
