3com WXR100 3CRWXR10095A User Manual
424
C
HAPTER
20: M
ANAGING
K
EYS
AND
C
ERTIFICATES
Creating a CSR and
Installing a Certificate
from a PKCS #7
Object File
After creating a public-private key pair, you can obtain a signed certificate
of authenticity from a CA by generating a Certificate Signing Request
(CSR) from the WX switch. A CSR is a text block with an encoded request
for a signed certificate from the CA.
of authenticity from a CA by generating a Certificate Signing Request
(CSR) from the WX switch. A CSR is a text block with an encoded request
for a signed certificate from the CA.
Many certificate authorities have their own unique requirements. Follow
the instructions in the documentation for your CA to properly format the
fields you complete when generating a CSR.
the instructions in the documentation for your CA to properly format the
fields you complete when generating a CSR.
1 To generate a request for a CA-signed certificate, use the following
command:
crypto generate request {admin | eap | web}
When prompted, enter values for each of six identification fields.
You must include a common name (string) when you generate a CSR.
Use a fully qualified name if such names are supported on your network.
The other information is optional. For example:
Use a fully qualified name if such names are supported on your network.
The other information is optional. For example:
You must paste the entire block, from the beginning
-----BEGIN CERTIFICATE REQUEST----- to the end
-----END CERTIFICATE REQUEST-----.
-----BEGIN CERTIFICATE REQUEST----- to the end
-----END CERTIFICATE REQUEST-----.
# crypto generate request admin
Country Name: US
State Name: MI
Locality Name: Detroit
Organizational Name: example
Organizational Unit: eng
Common Name: WX-34
Email Address: admin@example.com
Unstructured Name: south tower, wiring closet 125
Country Name: US
State Name: MI
Locality Name: Detroit
Organizational Name: example
Organizational Unit: eng
Common Name: WX-34
Email Address: admin@example.com
Unstructured Name: south tower, wiring closet 125
When completed successfully, the command returns a Privacy-Enhanced
Mail (PEM)-formatted PKCS #10 CSR. PEM encoding is a way of
representing a non-ASCII file format in ASCII characters. The encoded
object is the PKCS #10 CSR. Give the CSR to a CA and receive a signed
certificate (a PEM-encoded PKCS #7 object file).
Mail (PEM)-formatted PKCS #10 CSR. PEM encoding is a way of
representing a non-ASCII file format in ASCII characters. The encoded
object is the PKCS #10 CSR. Give the CSR to a CA and receive a signed
certificate (a PEM-encoded PKCS #7 object file).
1 To install a certificate from a PKCS #7 file, use the following command to
prepare the switch to receive it:
crypto certificate {admin | eap | web} PEM-formatted
certificate
certificate