Nortel Networks NN47250-500 User Manual

Managing keys and certificates 525
Nortel WLAN—Security Switch 2300 Series Configuration Guide
The keys are 512 bytes long.
WSS Software automatically generates self-signed certificates only in cases where no certificate is already 
configured. WSS Software does not replace self-signed certificates or CA-signed certificates that are already 
configured on the switch. You can replace an automatically generated certificate by creating another 
self-signed one or by installing a CA-signed one. To use a longer key, configure the key before creating the 
new certificate (or certificate request, if you plan to install a CA-signed certificate).
If generated by WSS Software Version 4.2.3 or later, the automatically generated certificates are valid for 
three years, beginning one week before the time and date on the switch when the certificate is generated. 
Creating keys and certificates
Public-private key pairs and digital certificates are required for management access with WLAN Management 
Software or Web View, or for network access by 802.1X or Web-based AAA users. The digital certificates can 
be self-signed or signed by a certificate authority (CA). If you use certificates signed by a CA, you must also 
install a certificate from the CA to validate the digital signatures of the certificates installed on the WSS. 
Generally, CA-generated certificates are valid for one year beginning with the system time and date that are in 
effect when you generate the certificate request. Self-signed certificates generated when running WSS 
Software Version 4.2.3 or later are valid for three years, beginning one week before the time and date on the 
switch when the certificate is generated. 
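The validity rule above, worked through as an added example (not taken from the Nortel guide): because the window is anchored to the switch clock, a switch whose clock was wrong when the certificate was generated can hold a certificate that clients see as expired or not yet valid. It assumes the three years are calendar years counted from the backdated start; the function names and the inventory are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

BACKDATE = timedelta(weeks=1)  # window opens one week before the switch clock
SELF_SIGNED_YEARS = 3          # self-signed, WSS Software Version 4.2.3 or later

def add_years(ts, years):
    """Add calendar years; Feb 29 falls back to Feb 28 in a non-leap year."""
    try:
        return ts.replace(year=ts.year + years)
    except ValueError:
        return ts.replace(year=ts.year + years, day=28)

def self_signed_window(switch_clock):
    """Return (not_before, not_after) for a certificate generated at switch_clock.
    Assumption: the three years run from the backdated start date."""
    not_before = switch_clock - BACKDATE
    return not_before, add_years(not_before, SELF_SIGNED_YEARS)

def status(switch_clock, real_time, warn_days=90):
    """Classify the certificate as a client with a correct clock would see it."""
    not_before, not_after = self_signed_window(switch_clock)
    if real_time < not_before:
        return "not-yet-valid"
    if real_time >= not_after:
        return "expired"
    if not_after - real_time <= timedelta(days=warn_days):
        return "renew-soon"
    return "valid"

def utc(y, m, d):
    return datetime(y, m, d, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    real_time = utc(2009, 6, 1)
    # Constructed inventory: switch name -> switch clock at generation time.
    fleet = {
        "wss-clock-ok": utc(2009, 5, 28),
        "wss-3-days-fast": utc(2009, 6, 4),    # absorbed by the one-week backdate
        "wss-clock-reset": utc(2000, 1, 1),    # clock was at a default date
        "wss-clock-ahead": utc(2010, 1, 1),
        "wss-aging": utc(2006, 8, 1),
    }
    for name, clock in fleet.items():
        nb, na = self_signed_window(clock)
        print(f"{name:16} {nb:%Y-%m-%d} .. {na:%Y-%m-%d}  {status(clock, real_time)}")
```

Checking the switch clock before generating a certificate or certificate request avoids the expired and not-yet-valid cases shown here.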
Each of the following types of access requires a separate key pair and certificate:
Admin—Administrative access through WLAN Management Software or Web View
EAP—802.1X access for network users who can access SSIDs encrypted by WEP or WPA, and for users 
connected to wired authentication ports
Web-based AAA—Web access for network users who can use a web page to log onto an unencrypted 
SSID
Management access to the CLI through Secure Shell (SSH) also requires a key pair, but does not use a
certificate. (For more SSH information, see 
.)
Secure WSS to WSS communications also requires a key pair and certificate. However, the certificate is 
generated automatically when you enable Secure WSS to WSS communications.