Nortel 2350 User Guide

450 Managing keys and certificates
NN47250-500 (320657-F Version 02.01)
PKCS #7, PKCS #10, and PKCS #12 object files
Public-Key Cryptography Standards (PKCS) are encryption interface standards created by RSA Data Security, Inc., that provide a file format for transferring data and cryptographic information. Nortel supports the PKCS object files listed in Table 1.

Certificates automatically generated by WSS software
The first time you boot a switch with WSS Software Version 4.2 or later, WSS Software automatically generates keys and self-signed certificates, in cases where certificates are not already configured or installed. WSS Software can automatically generate all the following types of certificates and their keys:

- Admin (required for administrative access to the switch by Web View or WLAN Management Software)
- EAP (required for 802.1X user access through the switch)
- Web (required for Web-based AAA user access through the switch)

Table 1: PKCS Object files supported by Nortel

| File Type | Standard | Purpose |
|---|---|---|
| PKCS #7 | Cryptographic Message Syntax Standard | Contains a digital certificate signed by a CA. To install the certificate from a PKCS #7 file, use the crypto certificate command to prepare WSS Software to receive the certificate, then copy and paste the certificate into the CLI. A PKCS #7 file does not contain the public key to go with the certificate. Before you generate the CSR and install the certificate, you must generate the public-private key pair using the crypto generate key command. |
| PKCS #10 | Certification Request Syntax Standard | Contains a Certificate Signing Request (CSR), a special file with encoded information needed to request a digital certificate from a CA. To generate the request, use the crypto generate request command. Copy and paste the results directly into a browser window on the CA server, or into a file to send to the CA server. |
| PKCS #12 | Personal Information Exchange Syntax Standard | Contains a certificate signed by a CA and a public-private key pair provided by the CA to go with the certificate. Because the key pair comes from the CA, you do not need to generate a key pair or a certificate request on the switch. Instead, use the copy tftp command to copy the file onto the WSS. Use the crypto otp command to enter the one-time password assigned to the file by the CA. (This password secures the file so that the keys and certificate cannot be installed by an unauthorized party. You must know the password in order to install them.) Use the crypto pkcs12 command to unpack the file. |
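
The three object types in Table 1 follow different install paths, so it helps to confirm which one a file from the CA actually is before touching the switch. The following is an added example, not part of the Nortel documentation: a heuristic that reads the PEM label or the leading DER bytes. The names classify, read_tlv and WORKFLOW are hypothetical, and the sample inputs are constructed.

```python
import re

# Handling per object type, as given in Table 1 on this page.
WORKFLOW = {
    "PKCS #7": "crypto generate key first, then crypto certificate and paste",
    "PKCS #10": "produced by crypto generate request; submit to the CA",
    "PKCS #12": "copy tftp, then crypto otp, then crypto pkcs12",
}
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)
PEM_LABELS = {b"PKCS7": "PKCS #7", b"CERTIFICATE REQUEST": "PKCS #10"}
SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")  # 1.2.840.113549.1.7.2

def read_tlv(buf, pos=0):
    """Return (tag, content_start, content_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def classify(data):
    """Return 'PKCS #7', 'PKCS #10', 'PKCS #12', or None if unrecognised."""
    m = PEM_RE.search(data)
    if m:  # PEM armour: the label names the object type
        return PEM_LABELS.get(m.group(1))
    try:
        tag, start, end = read_tlv(data)
        if tag != 0x30 or end > len(data):  # need one complete SEQUENCE
            return None
        body = data[start:end]
        if body.startswith(SIGNED_DATA_OID):  # ContentInfo holding signedData
            return "PKCS #7"
        if body.startswith(b"\x02\x01\x03"):  # PFX begins with INTEGER 3
            return "PKCS #12"
        itag, istart, _ = read_tlv(body)
        if itag == 0x30 and body[istart:istart + 3] == b"\x02\x01\x00":
            return "PKCS #10"  # CertificationRequestInfo begins with INTEGER 0
    except IndexError:  # truncated input
        pass
    return None

# Constructed DER prefixes (structure only, no real keys or certificates).
P7 = bytes.fromhex("300d") + SIGNED_DATA_OID + bytes.fromhex("a000")
P10 = bytes.fromhex("300730050201003000")
P12 = bytes.fromhex("30050201033000")

if __name__ == "__main__":
    for blob in (P7, P10, P12):
        print(classify(blob), "->", WORKFLOW[classify(blob)])
```

A result of None means the file is none of the three types in Table 1 (for example a bare certificate or a truncated transfer) and should be checked with the CA before installation.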