Distinguished names – Allied Telesis AT-S63 User Manual
Page 791
AT-S63 Management Software Menus Interface User’s Guide
Section IX: Management Security
791
If your company is large enough, it might have a private CA and you might
want the group to issue the AT-9400 Series switch certificates so that you
are in compliance with company policy.
The first step to creating a CA certificate is to create a key pair. After that
you must generate an digital document called an enrollment request and
send the document to the CA. The document contains the public key and
other information that the CA will use to create the certificate.
Before sending an enrollment request to a CA, it is best to first contact the
CA to determine what other documents or procedures might be required in
order for the CA to create the certificate. This is particularly important with
public CAs, which typically have strict guidelines on issuing certificates.
Distinguished
Names
Part of the task to creating a self-signed certificate or enrollment request is
selecting a distinguished name. A distinguished name is integrated into a
certificate along with the key and can have up to five parts. The parts are:
cn - common name
This can be the name of the person who will use the certificate.
ou - organizational unit
This is the name of a department, such as Network Support or IT.
o - organization
This is the name of the company.
st - state
This is the state.
c - country
This is the country
A certificate name does not need to contain all of these parts. You can use
as many or as few as you want. You separate the parts with a comma. You
can use alphanumeric characters, as well as spaces in the name strings.
You cannot use quotation marks. To use the following special characters
{=,+<>#;\
Following are a few examples. This distinguished name contains only one
part, the name of the switch:
cn=Production Switch
This distinguished name omits the common name, but includes everything
else:
ou=Network Support,o=XYZ Inc.,st=CA,c=US