Distinguished names – Allied Telesis AT-S63 User Manual
Page 721
AT-S63 Management Software Menus Interface User’s Guide
Section VII: Management Security
721
devices.
If your company is large enough, it might have a private CA and you might
want that group to issue any AT-9400 Series switch certificates, if for no
other reason than to follow company policy.
What is required to create a certificate by a public or private CA? First, you
must create a key pair. After you have done that you need to generate an
digital document called an enrollment request. The request contains the
public key that you want the CA to use to create the certificate, along with
other information.
Before you send an enrollment request to a CA, it is best to first contact
the CA to determine what other documents or procedures might be
required in order for the CA to create the certificate. This is particularly
important with public CAs, which typically have strict guidelines on issuing
certificates.
Distinguished
Names
Part of the task of creating a self-signed certificate or enrollment request is
selecting a distinguished name. A distinguished name is integrated into a
certificate along with the key. A distinguished name can have up to five
parts. The parts are:
cn - common name
This can be the name of the person who will use the certificate.
ou - organizational unit
This is the name of a department, such as Network Support or IT.
o - organization
This is the name of the company.
st - state
This is the state.
c - country
This is the country
A certificate name does not need to contain all of these parts. You can use
as many or as few as you want. You separate the parts with a comma. You
can use alphanumeric characters, as well as spaces in the name strings.
You cannot use quotation marks. To use the following special characters
{=,+<>#;\
Following are a few examples. This distinguished name contains only one
part, the name of the switch:
cn=Production Switch