
Allied Telesis AT-S60 User Manual


AT-S60 Command Line User’s Guide


The LOCATION parameter specifies the file name of the certificate. This is
the name that is used to retrieve the certificate from the switch’s file
system. The local file must have a valid filename with the file extension
.cer, and the .cer file must already exist. There are two ways to create
this type of file: either create a self-signed certificate using the
CREATE PKI CERTIFICATE command, or download a CA certificate onto the
switch.

The TRUSTED parameter specifies whether or not the certificate is
automatically trusted. The switch does not make this decision for you: you
must manually verify whether a certificate is from a certificate authority
that is trusted or untrusted. If you have manually verified that a
certificate is from a trusted CA, set this parameter to TRUE. Set this
parameter to FALSE if you have manually verified that the certificate is
from an untrusted CA. You can also set this parameter to FALSE if you have
not yet manually verified the state of the CA. The default is FALSE.
Typically, you set self-signed root CA certificates and certificates from a
trusted third party, such as Verisign, as automatically trusted. Check the
certificate’s fingerprint and other details using SHOW PKI CERTIFICATE on
page 263.

The TYPE parameter specifies what type of certificate is being added. If
CA is specified, the switch tags this certificate as a CA certificate. If END
ENTITY or EE is specified, the switch tags the certificate to indicate that it
belongs to another end entity. If SELF is specified, the switch tags the
certificate as a self-signed certificate. The default is ENDENTITY.

Example

The following command loads a trusted certificate, called
“bobscertificate,” with a type of End Entity and a filename of
bobscertificate.cer:

add pki certificate=bobscertificate trusted=yes
type=ee location=bobscertificate.cer
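
The manual verification that the TRUSTED parameter depends on can be done off the switch before the certificate is loaded. The following Python sketch is an added example, not part of the Allied Telesis guide: it computes the fingerprint of a .cer file (PEM or DER), compares it with a fingerprint obtained out-of-band from the CA, and builds the ADD PKI CERTIFICATE line with trusted=true only when they match. The helper names, the "rootca" names, the sample bytes, and the use of SHA-1 are assumptions; use whichever digest SHOW PKI CERTIFICATE displays on your switch.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
TYPES = {"ca", "ee", "self"}  # TYPE values described on this page


def to_der(data: bytes) -> bytes:
    """Return DER bytes whether the .cer content is PEM text or raw DER."""
    m = PEM_RE.search(data)
    return base64.b64decode(b"".join(m.group(1).split())) if m else data


def fingerprint(data: bytes, algo: str = "sha1") -> str:
    """Hex digest of the DER encoding (algo is an assumption, see lead-in)."""
    return hashlib.new(algo, to_der(data)).hexdigest()


def normalize(fp: str) -> str:
    """Drop separators and case so 'AB:CD ef' compares equal to 'abcdef'."""
    return re.sub(r"[^0-9a-f]", "", fp.lower())


def add_command(name, filename, data, expected_fp, cert_type="ca", algo="sha1"):
    """Build the ADD PKI CERTIFICATE line; trusted=true only on a match."""
    if not filename.lower().endswith(".cer"):
        raise ValueError("LOCATION must name a .cer file")
    if cert_type not in TYPES:
        raise ValueError("TYPE must be ca, ee or self")
    match = fingerprint(data, algo) == normalize(expected_fp)
    return (f"add pki certificate={name} trusted={'true' if match else 'false'} "
            f"type={cert_type} location={filename}")


# Constructed stand-in bytes, NOT a real certificate; only the hashing matters.
SAMPLE_DER = bytes(range(64))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    good = fingerprint(SAMPLE_DER).upper()
    published = ":".join(good[i:i + 2] for i in range(0, len(good), 2))
    print(add_command("rootca", "rootca.cer", SAMPLE_PEM, published))  # match
    print(add_command("rootca", "rootca.cer", SAMPLE_PEM, "00:11:22"))  # mismatch
```

A mismatch yields trusted=false, which is also the switch default, so an unverified certificate is never marked as automatically trusted.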