Allied Telesis AT-S62 User Manual

AT-S62 User’s Guide

Section VII: Management Security

A certificate name does not have to contain all of these parts. You can
use as many or as few as you want, separating the parts with commas.
The name strings can contain alphanumeric characters and spaces, but
not quotation marks. To use any of the following special characters
{=,+<>#;\}, type a “\” before the character.

Here are a few examples. This distinguished name contains only one
part, the name of the switch:

cn=Production Switch

This distinguished name omits the common name, but includes
everything else:

ou=Network Support,o=XYZ Inc.,st=CA,c=US

So what would be a good distinguished name for a certificate for an
AT-8524M switch? If the switch has an IP address, such as a master
switch, you could use its address as the name. The following example is a
distinguished name for a certificate for a master switch with the IP
address 149.11.11.11:

cn=149.11.11.11

If your network has a Domain Name System and you mapped a name to
the IP address of a switch, you can specify the switch’s name instead of
the IP address as the distinguished name.

For those switches that do not have an IP address, such as slave switches,
you could assign their certificates a distinguished name using the IP
address of the master switch of the enhanced stack.

The benefit of giving a certificate a distinguished name equivalent to a
master switch’s IP address or domain name lies in what happens when
you start a web browser management session with a switch using SSL.
The web browser on your workstation checks whether the name to which
the certificate was issued matches the name of the web site. In the case
of a master or slave AT-8524M switch, the web site’s name is the master
switch’s IP address or domain name. If the names do not match, the web
browser displays a security warning. Of course, even if you see the
security warning, you can simply close the warning prompt. You will
still be able to configure the switch using your web browser and the
management session will use encryption, although the browser has not
confirmed that the certificate was issued to the name you connected to.
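The naming rules and the browser's name check described above, as an added Python example that is not part of the original guide. The function names are assumptions, and `cn_matches` is a simplified comparison of the cn part against the address typed into the browser, not a browser's full certificate validation.

```python
# Added example: build and parse distinguished names using the rules on this page.
SPECIAL = set('=,+<>#;\\')   # characters the page says must be preceded by "\"

def escape_value(value):
    """Escape one name string; quotation marks are not allowed at all."""
    if '"' in value:
        raise ValueError("quotation marks cannot be used in a name string")
    return "".join("\\" + ch if ch in SPECIAL else ch for ch in value)

def build_dn(parts):
    """parts: list of (attribute, value) pairs, e.g. [("cn", "149.11.11.11")]."""
    if not parts:
        raise ValueError("a distinguished name needs at least one part")
    return ",".join(f"{attr}={escape_value(val)}" for attr, val in parts)

def parse_dn(dn):
    """Split on unescaped commas and the first '=' of each part, undoing escapes."""
    parts, attr, buf, i = [], None, [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\":                      # escaped character: take the next one literally
            if i + 1 >= len(dn):
                raise ValueError("dangling backslash")
            buf.append(dn[i + 1])
            i += 2
            continue
        if ch == "=" and attr is None:      # end of the attribute name
            attr, buf = "".join(buf).strip().lower(), []
        elif ch == ",":                     # end of one part
            if attr is None:
                raise ValueError("part without '='")
            parts.append((attr, "".join(buf)))
            attr, buf = None, []
        else:
            buf.append(ch)
        i += 1
    if attr is None:
        raise ValueError("part without '='")
    parts.append((attr, "".join(buf)))
    return parts

def cn_matches(dn, management_address):
    """Assumed check: cn equals the IP address or DNS name used to reach the switch."""
    cns = [v for a, v in parse_dn(dn) if a == "cn"]
    return any(cn.lower() == management_address.lower() for cn in cns)
```

A distinguished name without a cn part, or with a cn such as the switch's descriptive name, returns `False` from `cn_matches`, which corresponds to the case where the browser displays the security warning.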

Note

If the certificate will be issued by a private or public CA, you should
check with the CA to see if they have any rules or guidelines on
distinguished names for the certificates they issue.