3com WXR100 3CRWXR10095A User Manual

420 CHAPTER 20: MANAGING KEYS AND CERTIFICATES
Choosing the Appropriate Certificate Installation Method for Your Network
Depending on your network environment, you can use any of the 
following methods to install certificates and their public-private key pairs. 
The methods differ in terms of simplicity and security. The simplest 
method is also the least secure, while the most secure method is slightly 
more complex to use.
• Self-signed certificate—The easiest method to use because a CA server is not required. The WX switch generates and signs the certificate itself. This method is the simplest but is also the least secure, because the certificate is not validated (signed) by a CA.
• PKCS #12 object file certificate—More secure than using self-signed certificates, but slightly less secure than using a Certificate Signing Request (CSR), because the private key is distributed in a file from the CA instead of generated by the WX switch itself. The PKCS #12 object file is more complex to deal with than self-signed certificates. However, you can use 3Com Wireless Switch Manager, Web Manager, or the CLI to distribute this certificate. The other two methods can be performed only using the CLI.
• Certificate Signing Request (CSR)—The most secure method, because the WX switch’s public and private keys are created on the WX switch itself, while the certificate comes from a trusted source (CA). This method requires generating the key pair, creating a CSR and sending it to the CA, cutting and pasting the certificate signed by the CA into the CLI, and then cutting and pasting the CA’s own certificate into the CLI.
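The difference among the three methods is who generates the private key and who signs the certificate. The script below is an added example, not part of the 3Com manual or the switch CLI: it uses openssl on a workstation as a stand-in for both the WX switch and the CA, and checks what each method produces. All subjects, file names and the password are constructed for the illustration.

```shell
#!/bin/sh
# Added illustration: openssl stands in for the WX switch and for the CA.
# Subjects, file names and the password are constructed for this example.
W=$(mktemp -d); trap 'rm -rf "$W"' EXIT

newkey() {   # $1 = file basename, $2 = CN, rest = req options (-x509 or -new)
  base=$1; cn=$2; shift 2
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$cn" \
    -keyout "$W/$base.key" "$@" 2>/dev/null
}
ca_sign() {  # the CA turns $1.csr into $1.crt
  openssl x509 -req -in "$W/$1.csr" -CA "$W/ca.crt" -CAkey "$W/ca.key" \
    -CAcreateserial -days 1 -out "$W/$1.crt" 2>/dev/null
}
chains_to_ca() {         # does certificate $1 validate against the CA root?
  openssl verify -CAfile "$W/ca.crt" "$1" >/dev/null 2>&1 && echo yes || echo no
}
carries_private_key() {  # does file $1, as exchanged with the CA, hold a private key?
  case $1 in
    *.p12) openssl pkcs12 -in "$1" -passin pass:constructed-otp \
             -nocerts -nodes 2>/dev/null ;;
    *)     cat "$1" ;;
  esac | grep -q "PRIVATE KEY" && echo yes || echo no
}

# Stand-in CA root certificate.
newkey ca demo-ca -x509 -days 1 -out "$W/ca.crt"

# Self-signed: the device signs its own certificate, so no CA vouches for it.
newkey ss wx.example -x509 -days 1 -out "$W/ss.crt"

# CSR: the key pair is created on the device; only the CSR goes to the CA.
newkey dev wx.example -new -out "$W/dev.csr"
ca_sign dev

# PKCS #12: the CA side creates the key pair and ships key + certificate in one file.
newkey p12 wx.example -new -out "$W/p12.csr"
ca_sign p12
openssl pkcs12 -export -inkey "$W/p12.key" -in "$W/p12.crt" \
  -certfile "$W/ca.crt" -passout pass:constructed-otp -out "$W/wx.p12"

for f in ss dev p12; do
  echo "$f.crt chains to CA: $(chains_to_ca "$W/$f.crt")"
done
echo "CSR sent to CA carries private key:      $(carries_private_key "$W/dev.csr")"
echo "PKCS #12 file from CA carries private key: $(carries_private_key "$W/wx.p12")"
```

The PKCS #12 file is the only artifact in transit that contains the private key, so its password and the channel it travels over need the same care as the key itself.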
Table 37 lists the steps required for each method and refers you to 
appropriate instructions. (For complete examples, see “Key and 
Certificate Configuration Scenarios” on page 427.)
Table 37   Procedures for Creating and Validating Certificates
File Type | Steps Required | Instructions
Self-signed certificate | Generate a public-private key pair on the WX switch. Generate a self-signed certificate on the WX switch. | 