Distinguished names – Allied Telesis AT-S63 User Manual

Page 576


Chapter 27: PKI Certificates and SSL


Section IV: Security

company’s network equipment. The value of a private CA is that the
company can keep track of the certificates and control access to various
network devices.

If your company is large enough, it might have a private CA and you
might want that group to issue any AT-9400 Series switch certificates, if
for no other reason than to follow company policy.

What is required to have a public or private CA create a certificate?
First, you must create a key pair. After you have done that, you need to
generate a digital document called an enrollment request. The request
contains the public key that you want the CA to use to create the
certificate, along with other information.

Before you send an enrollment request to a CA, it is best to first contact
the CA to determine what other documents or procedures might be
required in order for the CA to create the certificate. This is particularly
important with public CAs, which typically have strict guidelines on
issuing certificates.

Distinguished Names

Part of the task of creating a self-signed certificate or enrollment request
is selecting a distinguished name. A distinguished name is integrated into
a certificate along with the key. A distinguished name can have up to
five parts. The parts are:

❑ cn - common name

This can be the name of the person who will use the certificate.

❑ ou - organizational unit

This is the name of a department, such as Network Support or IT.

❑ o - organization

This is the name of the company.

❑ st - state

This is the state.

❑ c - country

This is the country.

A certificate name does not need to contain all of these parts. You can
use as many or as few as you want. You separate the parts with a comma.
You can use alphanumeric characters, as well as spaces, in the name
strings. You cannot use quotation marks. To use the following special
characters {=,+<>#;\}, type a “\” before the character.
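
The naming rules above, applied in an added example that is not part of the manual: a small Python helper that builds a distinguished name string with the required backslash escapes and parses one back, rejecting quotation marks, unescaped special characters, and parts outside the five listed. The function names are hypothetical, the braces around the special-character list are assumed to be delimiters rather than special characters themselves, and rejecting a repeated part is an assumption of the example.

```python
ALLOWED = ("cn", "ou", "o", "st", "c")  # the five parts listed above
SPECIAL = set("=,+<>#;\\")              # characters that need a leading "\"


def escape_value(value):
    """Backslash-escape special characters; quotation marks are rejected."""
    if '"' in value:
        raise ValueError("quotation marks are not allowed")
    return "".join("\\" + ch if ch in SPECIAL else ch for ch in value)


def build_dn(parts):
    """Build a name string from a dict holding any subset of ALLOWED."""
    bad = [k for k in parts if k.lower() not in ALLOWED]
    if bad:
        raise ValueError(f"unsupported part(s): {bad}")
    return ",".join(f"{k.lower()}={escape_value(v)}" for k, v in parts.items())


def parse_dn(dn):
    """Split on unescaped ',' and '=' and undo the escapes."""
    if '"' in dn:
        raise ValueError("quotation marks are not allowed")
    parts, key, buf = {}, None, []
    chars = iter(dn + ",")  # the appended comma closes the last part
    for ch in chars:
        if ch == "\\":
            buf.append(next(chars))  # escaped character is taken literally
        elif ch == "=" and key is None:
            key, buf = "".join(buf).strip().lower(), []
            # Rejecting a repeated part is an assumption of this example.
            if key not in ALLOWED or key in parts:
                raise ValueError(f"unsupported or repeated part: {key!r}")
        elif ch == ",":
            if key is None:
                raise ValueError("part without '='")
            parts[key] = "".join(buf)
            key, buf = None, []
        elif ch in SPECIAL:
            raise ValueError(f"unescaped special character: {ch!r}")
        else:
            buf.append(ch)
    if key is not None or buf:
        raise ValueError("name ends with a dangling backslash")
    return parts


if __name__ == "__main__":
    # Constructed sample values, not taken from the manual.
    sample = {"cn": "Lab Switch #12", "o": "Example, Inc."}
    print(build_dn(sample))
```

Checking a name with a helper like this before entering it on the switch catches an unescaped comma or plus sign that would otherwise change which parts end up in the certificate subject.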