Motorola WS2000 - Wireless Switch - Network Management Device System Reference Manual page 142

6-16 WS2000 Wireless Switch System Reference Guide
Signature
Algorithm
Key Length
3. Fill in as many of the optional fields as desired or as required by the CA that will sign the certificate. The
contact information is for the organization who is making the certificate request. The less obvious fields
are:
Email
Domain Name
IP Address
4. When finished filling out the form, click Generate. The Certificate Request screen disappears and the
ID of the certificate request that was just generated will appear in the Requests ID list of the Self
Certificates window.
5. Click the Export Request
6. Click Copy to Clipboard
7. Create an email to your CA, paste the content into the body of the message, and send it to the CA.
8. The CA will "sign" the certificate and send it back. At this point, copy the content from the email onto
the clipboard. Then, click the
displayed in the window.
9. Click the Import Certificate
authentication option. The certificate ID will appear in the Signed list, where you can view information
about it.
10.Apply your changes.
To use the certificate for a VPN tunnel, first define a tunnel and select the IKE settings to use either RSA or
DES certificates.
NOTE: Note: If the switch is rebooted after a certificate request has been generated but before the signed
certificate is imported, the import will not execute properly. Please do not reboot the switch during this
interval.
Indicate the signature algorithm to use for the certificate. The selection should match the
VPN tunnel settings.
• MD5-RSA: Message Digest 5 algorithm in combination with RSA encryption.
• SHA1-RSA: Secure Hash Algorithm 1 in combination with RSA encryption.
Indicate the desired length of the key. Possible values are 512, 1024, and 2048.
Enter the email address to be used for identification purposes. Typically a CA requires either an
email address, a domain name, or an IP address for identification purposes.
Enter the domain name to associate with the certificate. This field is often required by the CA.
Enter the WAN IP of the WS 2000 Wireless Switch. Check with your CA to determine whether
this information is necessary. Often it can be omitted if either the email or domain name
information is provided.
button. The generated certificate request appears in the large text box.
and the content of request to be sent to the CA will be copied to the clipboard.
Paste from Clipboard
button to import the certificate and make it available for use as a VPN
button and the content of the email will be