Configuring ca certificates – Allied Telesis AT-S60 User Manual

Chapter 19: Web Server

Section III: Security Features

338

Warning

Using this command creates a certificate that is only suitable for
secure switch management via the GUI. A pop-up message appears
in the browser window warning that the certificate is not issued by
a trusted authority. For details, see Chapter 21: Web Server page
333.

6. Load self-signed switch certificate to the certificate database.

To load the signed switch certificate onto the switch, see Adding
Certificates to the Database on page 369.

Note

Make sure you have a valid IP address for your web server.

7. Enable SSL on the HTTP Web server

To enable SSL on the HTTP server with a previously created SSL
Key, use the procedure described in Configuring the Web Server
for Security Features on page 335.

Configuring CA

Certificates

To create a CA certificate, you perform many of the same steps as you
did when you created a self-signed certificate. Then you generate an
enrollment request. After you upload the enrollment request, you apply
for a certificate from a known certificate authority such as Verisign
(www.verisign.com). Then, you use this certificate to deploy an AT-8400
Series switch on a commercial network.

To configure a CA Certificate on your switch, perform the following
procedure:

1. Login with a Manager login id.

2. Create an RSA key pair for this switch.

To create an RSA key pair, see Configuring Keys for Encryption
on page 347.

3. Set the switch’s distinguished name.

To configure a distinguished name for a switch, see Configuring
Keys for Encryption on page 347.

4. Set the Universal Coordinated Time (UTC).

To set the time, see the procedure in Setting the System Time on
page 52.

5. Generate an enrollment request.

See the procedure in Generating Enrollment Requests on page
378.