Nortel Networks 4050 Benutzerhandbuch

Chapter 11 Managing certificates 573

Nortel Secure Network Access Switch 4050 User Guide

Creating certificates

The basic steps to create a new certificate are:

1

Generate a Certificate Signing Request (CSR) (see

“Generating and

submitting a CSR using the CLI” on page 579

“Generating and submitting

a CSR using the SREM” on page 601

2

Send the CSR to a Certificate Authority (CA), such as Entrust or VeriSign, for
certification (see

“Generating and submitting a CSR using the CLI” on

“Generating and submitting a CSR using the SREM” on

3

Install the signed certificate on the Nortel SNAS 4050 cluster (see

certificates and keys” on page 573

).

4

Map the installed certificate to the Nortel SNAS 4050 portal server (see

“Configuring SSL settings using the CLI” on page 139

“Configuring SSL

settings using the SREM” on page 176

).

Installing certificates and keys

There are two ways to install a certificate and key in the Nortel SNAS 4050
cluster:

•

by pasting (see

“Adding a certificate to the Nortel SNAS 4050 using the CLI”

•

by importing from a TFTP/FTP/SCP/SFTP server (see

“Importing certificates

and keys into the Nortel SNAS 4050 using the CLI” on page 588

or

“Importing a certificate or key using the SREM” on page 603

When you generate the CSR, the private key is created and stored in encrypted
form on the Nortel SNAS 4050 using the specified certificate number. After you
receive the certificate, which contains the corresponding public key, use the same
certificate number when you add the certificate to the Nortel SNAS 4050.
Otherwise, the private key and the public key in the certificate will not match.

If you do not generate a CSR but obtain the certificate by other means, you must
take additional steps to add a private key that corresponds to the public key of the
certificate (see

“Adding a private key to the Nortel SNAS 4050 using the CLI” on