3com WXR100 3CRWXR10095A User Manual

CHAPTER 20: MANAGING KEYS AND CERTIFICATES
Some key lengths apply only to specific key types. For example, 128 
applies only to domain keys.
SSH requires an SSH authentication key, but you can allow MSS to 
generate it automatically. The first time an SSH client attempts to access 
the SSH server on a WX switch, the switch automatically generates a 
1024-byte SSH key. If you want to use a 2048-byte key instead, use the 
crypto generate key ssh 2048 command to generate one.
After you generate or install a certificate (described in the following 
sections), do not create the key pair again. If you do, the certificate might 
not work with the new key, in which case you will need to regenerate or 
reinstall the certificate. 
Generating Self-Signed Certificates
After creating a public-private key pair, you can generate a self-signed 
certificate. To generate a self-signed certificate, use the following 
command:
crypto generate self-signed {admin | eap | web}
When you type the command, the CLI prompts you to enter information 
to identify the certificate. For example:
crypto generate self-signed admin
Country Name: US
State Name: CA
Locality Name: San Jose campus
Organizational Name: mycorp
Organizational Unit: eng
Common Name: WX1
Email Address: admin@example.com
Unstructured Name: WX in wiring closet 120
success: self-signed cert for admin generated
You must paste the entire block, from the beginning 
-----BEGIN CERTIFICATE REQUEST----- to the end 
-----END CERTIFICATE REQUEST-----. 
You must include a common name (string) when you generate a 
self-signed certificate. The other information is optional. Use a fully 
qualified name if such names are supported on your network. The 
certificate appears after you enter this information.
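The warning earlier on this page against recreating the key pair after a certificate exists can be reproduced with OpenSSL on an admin workstation, reusing the subject fields from the sample session. This is an added example, not part of the 3Com manual and not MSS commands; the file names, the 2048-bit RSA key and the 365-day lifetime are assumptions chosen for the demonstration.

```shell
#!/bin/sh
# Added example: runs on a workstation with OpenSSL, not on the WX switch.

# SHA-256 digest of the public key embedded in a certificate.
cert_pubkey_digest() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 digest of the public half of a private key file.
key_pubkey_digest() {
    openssl pkey -in "$1" -pubout -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Succeeds only when the certificate binds the public key of this private key.
cert_matches_key() {
    [ "$(cert_pubkey_digest "$1")" = "$(key_pubkey_digest "$2")" ]
}

demo() {
    dir=$(mktemp -d) || return 1
    # Key pair, then a self-signed certificate over it. The subject mirrors the
    # manual's sample session (the Unstructured Name field is left out here).
    openssl genrsa -out "$dir/admin.key" 2048 2>/dev/null
    openssl req -new -x509 -key "$dir/admin.key" -days 365 -out "$dir/admin.crt" \
        -subj "/C=US/ST=CA/L=San Jose campus/O=mycorp/OU=eng/CN=WX1/emailAddress=admin@example.com"
    cert_matches_key "$dir/admin.crt" "$dir/admin.key" && before=match || before=mismatch

    # Recreate the key pair, which the manual warns against: the certificate
    # still carries the old public key, so it no longer matches.
    openssl genrsa -out "$dir/admin.key" 2048 2>/dev/null
    cert_matches_key "$dir/admin.crt" "$dir/admin.key" && after=match || after=mismatch

    rm -rf "$dir"
    echo "$before $after"
}

demo   # prints: match mismatch
```

The same digest comparison is a quick check for any certificate and key you hold as files before installing them together.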