
Allied Telesis AT-S62 User Manual


Chapter 33: Web Server Commands


The certificate is assigned the filename “Sw12cert.cer”. (The “.cer”
extension is not included in the command because the
management software adds it automatically.) The certificate is
assigned the serial number 0 and a distinguished name of
149.11.11.11, which is the IP address of a master switch:

create pki certificate=Sw12cert keypair=4
serialnumber=0 subject="cn=149.11.11.11"

3. This command adds the new certificate to the certificate database.
The certificate is given a description of “Switch 12 certificate”:

add pki certificate="Switch 12 certificate"
location=Sw12cert.cer

4. This command disables the web server:

disable http server

5. This command configures the web server by activating HTTPS and
specifying the encryption key pair created in step 1:

set http server security=enabled sslkeyid=4

6. This command enables the web server:

enable http server

General Configuration Steps for a CA Certificate

Below are the steps for configuring the switch’s web server for CA
certificates using the command line commands. The steps explain how
to create an encryption key pair and an enrollment request, and how to
load the CA certificates onto the switch:

1. Set the switch’s date and time. You can do this manually using the SET
DATE TIME on page 76 or you can configure the switch to obtain the
date and time from an SNTP server using ADD SNTPSERVER
PEER|IPADDRESS on page 71.

2. Create an encryption key pair using CREATE ENCO KEY on page 508
(syntax 1).

3. Set the switch’s distinguished name using SET SYSTEM
DISTINGUISHEDNAME on page 528.

4. Create an enrollment request using CREATE PKI
ENROLLMENTREQUEST on page 521.

5. Upload the enrollment request from the switch to a management
workstation or FTP server using UPLOAD METHOD=LOCAL on page
246.

6. Submit the enrollment request to a CA.

7. Once you have received the CA certificates, download them into the
switch’s file system using LOAD METHOD=TFTP on page 238.
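
A check for the gap between steps 6 and 7, run on the management workstation before anything is loaded onto the switch; this is an added example, not a procedure from the manual. It assumes OpenSSL on the workstation and PEM-encoded files; the function names, file names, throwaway CA and requests are hypothetical, constructed sample data.

```shell
#!/bin/sh
# Added example, not from the manual. File names are hypothetical and PEM
# encoding is an assumption (add "-inform DER" for DER-encoded files).

# Return 0 only if the issued certificate ($2) carries the public key from
# the enrollment request ($1) and verifies against the CA certificate ($3).
# "openssl verify" also checks the validity dates, using this workstation's
# clock; the switch needs a correct clock (step 1) for the same reason.
check_issued_cert() {
    req_key=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 2
    crt_key=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    if [ -z "$req_key" ] || [ "$req_key" != "$crt_key" ]; then
        echo "REJECT: $2 does not contain the key from $1" >&2
        return 1
    fi
    if ! openssl verify -CAfile "$3" "$2" >/dev/null 2>&1; then
        echo "REJECT: $2 does not verify against $3" >&2
        return 1
    fi
    echo "OK: $2 matches $1 and chains to $3"
}

# Constructed sample data in directory $1: a throwaway CA, an enrollment
# request, the certificate issued for it, and an unrelated request. The keys
# are generated here only for the demo; a real switch keeps its private key.
make_constructed_sample() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" \
        -out "$d/ca.pem" -subj "/CN=Constructed Test CA" -days 2 >/dev/null 2>&1 &&
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/sw12.key" \
        -out "$d/sw12.csr" -subj "/CN=149.11.11.11" >/dev/null 2>&1 &&
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/other.key" \
        -out "$d/other.csr" -subj "/CN=149.11.11.11" >/dev/null 2>&1 &&
    openssl x509 -req -in "$d/sw12.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/sw12.cer" -days 2 >/dev/null 2>&1
}

# Demo: the matching request passes; the unrelated request is rejected even
# though it has the same subject name, because the keys differ.
demo_dir=$(mktemp -d) && make_constructed_sample "$demo_dir" && {
    check_issued_cert "$demo_dir/sw12.csr" "$demo_dir/sw12.cer" "$demo_dir/ca.pem"
    check_issued_cert "$demo_dir/other.csr" "$demo_dir/sw12.cer" "$demo_dir/ca.pem" || true
    rm -rf "$demo_dir"
}
```

A certificate that fails either check should go back to the CA rather than onto the switch.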