Allied Telesis AT-S63 User Manual

Chapter 27: Web Server Commands

The following is an example of the command sequence for configuring
the web server for CA certificates. It explains how to create an encryption
key and enrollment request, and how to download the CA certificates on
the switch. (The example does not include step 1, setting the system
time, nor the procedure for submitting the request to a CA, which will
vary depending on the enrollment requirements of the CA.)

1. This command creates the encryption key pair with an ID of 8, a length of 512 bits, and the description “Switch 24 key”:

create enco key=8 type=rsa length=512 description="Switch 24 key"

2. This command sets the switch’s distinguished name to the IP address 149.44.44.44, which is the IP address of a master switch:

set system distinguishedname="cn=149.44.44.44"

3. This command creates an enrollment request using the encryption key created in step 1. It assigns the request the filename “sw24cer.csr”. The command omits the “.csr” extension because the management software adds it automatically:

create pki enrollmentrequest=sw24cer keypair=8

4. This command uploads the enrollment request from the switch’s file system to a TFTP server. The command assumes that the TFTP server has the IP address 149.88.88.88. (This step could also be performed using Xmodem.)

upload method=tftp destfile=c:sw24cer.csr server=149.88.88.88 file=sw24cer.csr

5. These commands download the CA certificates into the switch’s file system from the TFTP server. The commands assume that the IP address of the server is 149.88.88.88 and that the certificate names are “sw24cer.cer” and “ca.cer”. (This step could be performed using Xmodem.)

load method=tftp destfile=sw24cer.cer server=149.88.88.88 file=c:sw24cer.cer

load method=tftp destfile=ca.cer server=149.88.88.88 file=c:ca.cer

6. These commands load the certificates into the certificate database:

add pki certificate="Switch 24 certificate" location=sw24cer.cer

add pki certificate="CA certificate" location=ca.cer

7. This command disables the web server:

disable http server

8. This command configures the web server. It activates HTTPS and specifies the key created in step 1:

set http server security=enabled sslkeyid=8
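
An added consistency check for the sequence above (not from the Allied Telesis manual): it parses the commands and confirms that every key ID and file a later step references was created or loaded by an earlier step. The sample is constructed from this page's commands with one certificate filename deliberately misspelled in the add pki step; the function names and the expectation that the web server is disabled before it is reconfigured are assumptions.

```python
import shlex

# Constructed sample: this page's command sequence, one command per line,
# with the filename in the first "add pki" command deliberately misspelled.
SAMPLE = """\
create enco key=8 type=rsa length=512 description="Switch 24 key"
set system distinguishedname="cn=149.44.44.44"
create pki enrollmentrequest=sw24cer keypair=8
upload method=tftp destfile=c:sw24cer.csr server=149.88.88.88 file=sw24cer.csr
load method=tftp destfile=sw24cer.cer server=149.88.88.88 file=c:sw24cer.cer
load method=tftp destfile=ca.cer server=149.88.88.88 file=c:ca.cer
add pki certificate="Switch 24 certificate" location=sw24cert.cer
add pki certificate="CA certificate" location=ca.cer
disable http server
set http server security=enabled sslkeyid=8
"""

def parse(line):
    """Split a command into (keywords, {parameter: value}); quotes are honoured."""
    tokens = shlex.split(line)
    words = tuple(t for t in tokens if "=" not in t)
    return words, dict(t.split("=", 1) for t in tokens if "=" in t)

def lint(script):
    """Return cross-reference problems found in a command sequence."""
    keys, files, problems, disabled = set(), set(), [], False
    lines = [l.strip() for l in script.splitlines() if l.strip()]
    for n, line in enumerate(lines, 1):
        words, p = parse(line)
        if words == ("create", "enco"):
            keys.add(p["key"])
        elif words == ("create", "pki"):
            if p["keypair"] not in keys:
                problems.append(f"command {n}: key pair {p['keypair']} not created")
            files.add(p["enrollmentrequest"] + ".csr")  # switch appends .csr
        elif words == ("upload",) and p["file"] not in files:
            problems.append(f"command {n}: {p['file']} is not on the switch")
        elif words == ("load",):
            files.add(p["destfile"])
        elif words == ("add", "pki") and p["location"] not in files:
            problems.append(f"command {n}: {p['location']} was never loaded")
        elif words == ("disable", "http", "server"):
            disabled = True
        elif words == ("set", "http", "server"):
            if p.get("sslkeyid") not in keys:
                problems.append(f"command {n}: sslkeyid {p.get('sslkeyid')} not created")
            if not disabled:  # assumption: follow the page's disable-then-set order
                problems.append(f"command {n}: web server not disabled first")
    return problems

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)) or "no problems found")
```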