Creating a ca certificate – Allied Telesis AT-S60 User Manual

Page 241

AT-S60 Command Line User’s Guide

239

Example of Creating a Self-Signed Certificate

Here is an example of creating a self-signed certificate.

#set date 29-02-2004
#set time 10:40:55
#set system distinguishedname=”cn=Cleo Starfas
ou=Operations o=Arctic Company l=Fairbanks
s=Alaska c=us”
#create enco key=1 type=rsa length=512
description=serverkey05 format=hex
#create pki certifcate=accountingserver14
keypair=1 serialnumber=217
#add pki certificate=keithscertificate
trusted=yes type=ee
location=keithscertificate.cer
#disable http server
#set http server security=enabled sslkeyid=1
#enable http server

Creating a CA

Certificate

This section provides a procedure to configure the switch as a web
server with a CA certificate. It is followed by an example.

For detailed information about the AT-S60 security features, see
Section III: Security Features in the AT-S60 Software Management
User’s Guide.

To create a CA certificate, perform the following procedure. This
procedure lists the commands you need to enter and a cross reference
to the commands.

1. Set the date and time for the switch. You can do this manually using

SET DATE on page 64 and SET TIME on page 66. Or, you can
configure the switch to obtain the date and time from an SNTP server
using ADD SNTPSERVER IPADDRESS on page 59.

2. Assign a distinguished name to the switch using SET SYSTEM

DISTINGUISHEDNAME on page 261.

3. Create an encryption key pair using CREATE ENCO KEY on page 243.

4. Create an enrollment request using CREATE PKI

ENROLLMENTREQUEST on page 254.

5. Upload the enrollment request from the switch to a management

workstation or FTP server with UPLOAD on page 134

6. Submit the enrollment request to a CA. Usually, you would email the

enrollment request to a CA.

7. Once you have received a CA certificate, download it into the switch’s