3com WXR100 3CRWXR10095A User Manual

Creating Keys and Certificates
Creating Public-Private Key Pairs
To use a self-signed certificate or Certificate Signing Request (CSR) 
certificate for WX switch authentication, you must generate a 
public-private key pair. 
To create a public-private key pair, use the following command: 
crypto generate key {admin | domain | eap | ssh | web} {128 | 512 | 1024 | 2048}
Choose the key length based on your need for security or to conform 
with your organization’s practices. For example, the following command 
generates an administrative key pair of 1024 bits:
crypto generate key admin 1024
admin key pair generated

Table 37   Procedures for Creating and Validating Certificates (continued)

File Type    Steps Required    Instructions

PKCS #12 object file certificate
  1. Copy a PKCS #12 object file (public-private key pair, server certificate, and CA certificate) from a CA onto the WX switch.
  2. Enter the one-time password to unlock the file.
  3. Unpack the file into the switch’s certificate and key store.

Certificate Signing Request (CSR) certificate
  1. Generate a public-private key pair on the WX switch.
  2. Generate a CSR on the switch as a PKCS #10 object file.
  3. Give the CSR to a CA and receive a signed certificate (a PEM-encoded PKCS #7 object file).
  4. Paste the PEM-encoded file into the CLI to store the certificate on the WX switch.
  5. Obtain and install the CA’s own certificate.
  You must paste the entire block, from the beginning -----BEGIN CERTIFICATE REQUEST----- to the end -----END CERTIFICATE REQUEST-----.
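
A check for the requirement that the entire block, from the BEGIN line to the END line, be pasted: it confirms a copied PEM block is complete before it goes to the CA or into the CLI. This is an added example, not part of the 3Com manual; the function names and the sample block (a constructed DER SEQUENCE, not a real CSR) are assumptions for illustration.

```python
import base64
import binascii
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END ([A-Z0-9 ]+)-----",
                    re.DOTALL)

def der_declared_length(der):
    """Total size (header + body) declared by the outer DER SEQUENCE, or None."""
    if len(der) < 2 or der[0] != 0x30:        # 0x30 = SEQUENCE tag
        return None
    first = der[1]
    if first < 0x80:                          # short form: length in one octet
        return 2 + first
    n = first & 0x7F                          # long form: n length octets follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return None
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_pem_block(text, label="CERTIFICATE REQUEST"):
    """Return (ok, reason) for a PEM block that is about to be pasted."""
    m = PEM_RE.search(text)
    if m is None:
        return False, "missing BEGIN or END line"
    if m.group(1) != label or m.group(3) != label:
        return False, "unexpected or mismatched label"
    body = "".join(m.group(2).split())        # drop line breaks and spaces
    try:
        der = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return False, "body is not valid base64"
    if der_declared_length(der) != len(der):
        return False, "DER length mismatch (lines lost or truncated)"
    return True, "complete"

def make_sample():
    """Constructed sample: a DER SEQUENCE wrapping 300 zero bytes, not a real CSR."""
    der = b"\x30\x82\x01\x2c" + bytes(300)
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE REQUEST-----", *lines,
                      "-----END CERTIFICATE REQUEST-----"])

if __name__ == "__main__":
    sample = make_sample()
    print(check_pem_block(sample))                       # intact block
    print(check_pem_block(sample.rsplit("\n", 1)[0]))    # END line not copied
```

Pass a different `label` when checking the signed certificate returned by the CA, since its BEGIN and END lines will not read CERTIFICATE REQUEST.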