Creating Keys And Certificates - D-Link DWS-1008 User Manual

Wireless 8 port switch with PoE

DWS-1008 User's Manual
D-Link Systems, Inc.
Managing Keys and Certificates

PKCS #12 Personal Information Exchange Syntax Standard - Contains a certificate signed by a CA and a public-private key pair provided by the CA to go with the certificate. Because the key pair comes from the CA, you do not need to generate a key pair or a certificate request on the switch. Instead, use the copy tftp command to copy the file onto the switch. Use the crypto otp command to enter the one-time password assigned to the file by the CA. (This password secures the file so that the keys and certificate cannot be installed by an unauthorized party. You must know the password in order to install them.) Use the crypto pkcs12 command to unpack the file.

Creating Keys and Certificates
You must create a public-private key pair, and request, accept, or generate a digital certificate to exchange with Web View for management access, or with 802.1X or WebAAA users for network access. The digital certificates can be self-signed or signed by a certificate authority (CA). If you use certificates signed by a CA, you must also install a certificate from the CA to validate the digital signatures of the certificates installed on the switch.
Each of the following types of access requires a separate key pair and certificate:
• Admin - Administrative access through Web View
• EAP - 802.1X access for network users who can access SSIDs encrypted by WEP or WPA, and for users connected to wired authentication ports
• WebAAA - Web access for network users who can use a web page to log onto an unencrypted SSID
Management access to the CLI through Secure Shell (SSH) also requires a key pair, but does not use a certificate.

Choosing the Appropriate Certificate Installation Method for Your Network
Depending on your network environment, you can use any of the following methods to install certificates and their public-private key pairs. The methods differ in terms of simplicity and security. The simplest method is also the least secure, while the most secure method is slightly more complex to use.
• Self-signed certificate - The easiest method to use because a CA server is not required. The switch generates and signs the certificate itself. This method is the simplest but is also the least secure, because the certificate is not validated (signed) by a CA.
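
A pre-flight check for the PKCS #12 file described above, run on an administrator's workstation before the file is copied to the switch: it confirms that the password opens the file, that the private key matches the certificate, and whether the certificate is self-signed. This is an added example, not part of the D-Link manual and not switch CLI; it assumes OpenSSL is installed, and the function names, file names and password are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the manual). Runs on a workstation with OpenSSL.
# Function names, file names and the password are constructed for illustration.

# p12_check FILE PASSWORD
# Prints "ok self-signed" or "ok ca-issued" and returns 0 when the password
# opens the file and the private key matches the certificate; else returns 1.
p12_check() {
    f=$1; pw=$2
    # The password goes through the environment so it stays out of the
    # process list. A wrong password or damaged file makes openssl fail.
    P12_PW=$pw openssl pkcs12 -in "$f" -passin env:P12_PW -noout 2>/dev/null ||
        { echo "cannot open"; return 1; }
    cert=$(P12_PW=$pw openssl pkcs12 -in "$f" -passin env:P12_PW \
        -nokeys -clcerts 2>/dev/null)
    key=$(P12_PW=$pw openssl pkcs12 -in "$f" -passin env:P12_PW \
        -nocerts -nodes 2>/dev/null)
    # The public key derived from the private key must equal the certificate's.
    pub_cert=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey)
    pub_key=$(printf '%s\n' "$key" | openssl pkey -pubout)
    [ -n "$pub_key" ] && [ "$pub_cert" = "$pub_key" ] ||
        { echo "key mismatch"; return 1; }
    # Subject equal to issuer is the usual mark of a self-signed certificate.
    # This compares names only; it does not validate a CA chain.
    subj=$(printf '%s\n' "$cert" | openssl x509 -noout -subject | sed 's/^subject= *//')
    iss=$(printf '%s\n' "$cert" | openssl x509 -noout -issuer | sed 's/^issuer= *//')
    if [ "$subj" = "$iss" ]; then echo "ok self-signed"; else echo "ok ca-issued"; fi
}

# make_sample_p12 DIR: builds a constructed, throwaway bundle to test against.
make_sample_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=switch.example" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    P12_PW=constructed-otp openssl pkcs12 -export -inkey "$1/key.pem" \
        -in "$1/cert.pem" -passout env:P12_PW -out "$1/sample.p12"
}

# Stand-alone demonstration on the constructed bundle.
d=$(mktemp -d) && make_sample_p12 "$d" && p12_check "$d/sample.p12" constructed-otp
rm -rf "$d"
```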