Nortel Networks 4050 Manual Do Utilizador
Chapter 11 Managing certificates 571
Nortel Secure Network Access Switch 4050 User Guide
You can install new certificates or import or renew existing certificates.
Key and certificate formats
The Nortel SNAS 4050 supports importing, saving, and exporting private keys
and certificates in a number of standard formats.
and certificates in a number of standard formats.
summarizes the
supported formats.
Note: The Nortel SNAS 4050 supports keys and certificates created by
using Apache-SSL, OpenSSL, or Stronghold SSL. However, for greater
security, Nortel recommends creating keys and generating certificate
signing requests from within the Nortel SNAS 4050 system using the
CLI or SREM. This way, the encrypted private key never leaves the
Nortel SNAS 4050 and is invisible to the user.
using Apache-SSL, OpenSSL, or Stronghold SSL. However, for greater
security, Nortel recommends creating keys and generating certificate
signing requests from within the Nortel SNAS 4050 system using the
CLI or SREM. This way, the encrypted private key never leaves the
Nortel SNAS 4050 and is invisible to the user.
Table 120
Supported key and certificate formats (Sheet 1 of 2)
Format
Import/Add Export/Save
Comment
PEM*
Yes
Yes
Encrypts the private key. Combines the private key and
certificate in the same file.
certificate in the same file.
DER
Yes
Yes
Does not encrypt the private key. Allows you to store
the private key and certificate in separate files.
the private key and certificate in separate files.
NET
Yes
Yes
Encrypts the private key. Allows you to store the
private key and certificate in separate files.
private key and certificate in separate files.
PKCS12
(also known as PFX)
Yes
Yes
Encrypts the private key. Combines the private key and
certificate in the same file. Most browsers allow
importing a combined key and certificate file in the
PKCS12 format.
certificate in the same file. Most browsers allow
importing a combined key and certificate file in the
PKCS12 format.
PKCS7
Yes
No
Certificate only.
PKCS8
Yes
No
Key only (used in WebLogic).
MS IIS 4
Yes
No
Key only (proprietary format).
*You must use the PEM format when:
•
you save keys and certificates by copying
•
you add a key or certificate by pasting