PKCS #7, PKCS #10, and PKCS #12 Object Files; Creating Keys and Certificates - Nortel 2300 Series Configuration Manual

WLAN security switch

PKCS #7, PKCS #10, and PKCS #12 Object Files

Public-Key Cryptography Standards (PKCS) are encryption interface standards created by RSA Data Security, Inc., that
provide a file format for transferring data and cryptographic information. Nortel supports the PKCS object files listed in
Table 26.
Table 26: PKCS Object Files Supported by Nortel

| File Type | Standard | Purpose |
|---|---|---|
| PKCS #7 | Cryptographic Message Syntax Standard | Contains a digital certificate signed by a CA. To install the certificate from a PKCS #7 file, use the crypto certificate command to prepare WSS Software to receive the certificate, then copy and paste the certificate into the CLI. A PKCS #7 file does not contain the public key to go with the certificate. Before you generate the CSR and install the certificate, you must generate the public-private key pair using the crypto generate key command. |
| PKCS #10 | Certification Request Syntax Standard | Contains a Certificate Signing Request (CSR), a special file with encoded information needed to request a digital certificate from a CA. To generate the request, use the crypto generate request command. Copy and paste the results directly into a browser window on the CA server, or into a file to send to the CA server. |
| PKCS #12 | Personal Information Exchange Syntax Standard | Contains a certificate signed by a CA and a public-private key pair provided by the CA to go with the certificate. Because the key pair comes from the CA, you do not need to generate a key pair or a certificate request on the switch. Instead, use the copy tftp command to copy the file onto the WSS switch. Use the crypto otp command to enter the one-time password assigned to the file by the CA. (This password secures the file so that the keys and certificate cannot be installed by an unauthorized party. You must know the password in order to install them.) Use the crypto pkcs12 command to unpack the file. |

Creating Keys and Certificates

You must create a public-private key pair, and request, accept, or generate a digital certificate to exchange with WLAN
Management Software or Web View for management access, or with 802.1X or Web-based AAA users for network
access. The digital certificates can be self-signed or signed by a certificate authority (CA). If you use certificates signed
by a CA, you must also install a certificate from the CA to validate the digital signatures of the certificates installed on
the WSS.

Each of the following types of access requires a separate key pair and certificate:
Admin—Administrative access through WLAN Management Software or Web View
EAP—802.1X access for network users who can access SSIDs encrypted by WEP or WPA, and for users connected to wired authentication ports
Nortel WLAN Security Switch 2300 Series Configuration Guide
Managing Keys and Certificates 385
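
The following is an added example, not part of the Nortel guide or of WSS Software: a Python check, run on a management workstation, that identifies which of the three object types in Table 26 a file from the CA holds by reading its outer DER structure, so the matching command sequence is used on the switch. The function names, the NEXT_STEP summary and the sample byte strings are assumptions constructed for illustration.

```python
import base64
import re

OID_SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")  # OID 1.2.840.113549.1.7.2, signedData
NEXT_STEP = {  # handling per object type, summarized from Table 26
    "PKCS #7": "crypto certificate, then paste the certificate into the CLI",
    "PKCS #10": "output of crypto generate request; paste into the CA server or send as a file",
    "PKCS #12": "copy tftp, then crypto otp, then crypto pkcs12",
}

def read_tlv(buf, pos=0):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def to_der(data):
    """Decode PEM armor if present; otherwise treat the input as raw DER."""
    m = re.search(rb"-----BEGIN [^-]+-----(.*?)-----END [^-]+-----", data, re.S)
    return base64.b64decode(m.group(1)) if m else data

def classify(data):
    """Name the PKCS object type from its outer DER structure (a heuristic)."""
    der = to_der(data)
    tag, start, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if der[start:start + len(OID_SIGNED_DATA)] == OID_SIGNED_DATA:
        return "PKCS #7"   # ContentInfo begins with the signedData OID
    first, f_start, f_end = read_tlv(der, start)
    if first == 0x02 and der[f_start:f_end] == b"\x03":
        return "PKCS #12"  # PFX begins with INTEGER version 3
    if first == 0x30:
        inner, i_start, i_end = read_tlv(der, f_start)
        if inner == 0x02 and der[i_start:i_end] == b"\x00":
            return "PKCS #10"  # CertificationRequestInfo begins with version 0
    raise ValueError("not a PKCS #7, #10 or #12 object")

# Constructed skeletons (outer structure only, no real keys or certificates)
P7 = (b"-----BEGIN PKCS7-----\n" + base64.b64encode(bytes.fromhex(
    "300f06092a864886f70d010702a0023000")) + b"\n-----END PKCS7-----\n")
P10 = bytes.fromhex("3009300502010030003000")
P12 = bytes.fromhex("30050201033000")
```

The check reads only the outer structure; it does not verify signatures, the one-time password, or that a certificate matches the key pair on the switch.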
