
Allied Telesis AT-S60 User Manual


AT-S60 Command Line User’s Guide


Description

This command creates a self-signed certificate using an ENCO private
RSA key and the switch’s distinguished name. The switch’s distinguished
name, set with the SET SYSTEM DISTINGUISHEDNAME command (see page 261),
is inserted in the issuer field of the certificate. This certificate is
suitable for use with an SSL-enabled HTTP server or where third-party
trust is not required.

Note

Before executing this command, set the system time correctly. See
SET TIME on page 66.

The KEYPAIR parameter specifies the encryption key-id of the private
RSA key that will be used to sign the certificate. This key must already be
configured. See CREATE ENCO KEY on page 243.

The SERIALNUMBER parameter specifies the number to be inserted into
the serial number field of the certificate. Usually, this parameter is set
to 0.

The FORMAT parameter specifies the type of encoding the certificate
will use. DER, the default, is a binary encoding, so the certificate
cannot be displayed in a text editor once it has been generated. PEM is
ASCII-encoded, so the certificate can be displayed in a text editor once
it has been generated.

The SUBJECT parameter specifies the distinguished name inserted in the
subject field of the certificate for this certificate only. If this parameter is
not specified, the system distinguished name is used. See SET SYSTEM
DISTINGUISHEDNAME on page 261.

Note

The certificate is valid for two years from the current date.

Example

The following command creates a self-signed certificate in a file called
mycert.cer:

create pki certificate=mycert keypair=1 serialnumber=1234
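
The following Python sketch is an added example, not part of the manual or the AT-S60 software. It reads a DER-encoded certificate such as the one this command produces, reports the serial number, whether issuer and subject match (as they do when SUBJECT is omitted) and the validity dates, and converts the binary DER to PEM for viewing in a text editor. The function names are hypothetical, the sample bytes are a constructed skeleton with no public key or signature, and the signature is not verified.

```python
import base64
import textwrap

def tlv(data, pos=0):
    """Read one DER TLV at pos; return (tag, value, end_offset)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    if pos + length > len(data):
        raise ValueError("truncated DER")
    return tag, data[pos:pos + length], pos + length

def children(value):
    """Split a constructed value into (tag, value, raw_bytes) elements."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, end = tlv(value, pos)
        out.append((tag, val, value[pos:end]))
        pos = end
    return out

def inspect_cert(der):
    """Return serial number, issuer/subject match and validity dates."""
    tag, cert, _ = tlv(der)
    if tag != 0x30:
        raise ValueError("not a DER certificate (PEM text or wrong file?)")
    tbs = children(children(cert)[0][1])  # first element is the to-be-signed part
    if tbs[0][0] == 0xA0:  # optional explicit version field (absent in X.509 v1)
        tbs = tbs[1:]
    serial, _alg, issuer, validity, subject = tbs[:5]
    start, end = (v.decode("ascii") for _, v, _ in children(validity[1]))
    return {"serial": int.from_bytes(serial[1], "big", signed=True),
            "issuer_equals_subject": issuer[2] == subject[2],
            "not_before": start, "not_after": end}

def der_to_pem(der):
    """Wrap binary DER as ASCII PEM so it can be opened in a text editor."""
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode("ascii"), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

# Constructed sample: serial 1234, CN=switch.example, two-year validity.
NAME = bytes.fromhex("3019311730150603550403130e") + b"switch.example"
VALIDITY = bytes.fromhex("301e170d") + b"240101000000Z" + bytes.fromhex("170d") + b"260101000000Z"
TBS_BODY = bytes.fromhex("020204d2" "300d06092a864886f70d0101050500") + NAME + VALIDITY + NAME
SAMPLE_DER = bytes([0x30, len(TBS_BODY) + 2, 0x30, len(TBS_BODY)]) + TBS_BODY

if __name__ == "__main__":
    print(inspect_cert(SAMPLE_DER), der_to_pem(SAMPLE_DER), sep="\n")
```

To use it on a real file, read the exported certificate in binary mode and pass the bytes to inspect_cert; a file created with FORMAT set to PEM is rejected with a ValueError because it is text, not DER.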