Table of Contents
Advertisement
Certificate Signing Request (CSR)—The most secure method,
because the WX switch's public and private keys are created on the
WX switch itself, while the certificate comes from a trusted source
(CA). This method requires generating the key pair, creating a CSR
and sending it to the CA, cutting and pasting the certificate signed by
the CA into the CLI, and then cutting and pasting the CA's own
certificate into the CLI.
Table 26 lists the steps required for each method and refers you to
appropriate instructions. (For complete examples, see "Key and
Certificate Configuration Scenarios" on page 267.)
Table 26 Procedures for Creating and Validating Certificates
File Type
Self-signed
certificate
PKCS #12 object
file certificate
Certificate Signing
Request (CSR)
certificate
Creating Keys and Certificates
Steps Required
1 Generate a public-private key pair
on the WX switch.
2 Generate a self-signed certificate on
the WX switch.
1 Copy a PKCS #12 object file
(public-private key pair, server
certificate, and CA certificate) from
a CA onto the WX switch.
2 Enter the one-time password to
unlock the file.
3 Unpack the file into the switch's
certificate and key store.
1 Generate a public-private key pair
on the WX switch.
2 Generate a CSR on the switch as a
PKCS #10 object file.
3 Give the CSR to a CA and receive a
signed certificate (a PEM-encoded
PKCS #7 object file).
4 Paste the PEM-encoded file into the
CLI to store the certificate on the
WX switch.
5 Obtain and install the CA's own
certificate.
261
Instructions
"Creating
Public-Private
Key Pairs" on
page 262
"Generating
Self-Signed
Certificates" on
page 262
"Installing a Key
Pair and Certificate
from a PKCS #12
Object File" on
page 263
"Creating
Public-Private
Key Pairs" on
page 262
"Creating a CSR
and Installing a
Certificate from
a PKCS #7
Object File" on
page 264
"Installing a
CA's Own
Certificate" on
page 265
Advertisement
Table of Contents
