Pkcs #7, Pkcs #10, And Pkcs #12 Object Files; Certificates Automatically Generated By Wss Software - Nortel 2360 Configuration Manual

450 Managing keys and certificates

PKCS #7, PKCS #10, and PKCS #12 object files

Public-Key Cryptography Standards (PKCS) are encryption interface standards created by RSA Data Security,
Inc., that provide a file format for transferring data and cryptographic information. Nortel supports the PKCS
object files listed in Table
Table 1: PKCS Object files supported by Nortel
File Type Standard
PKCS #7 Cryptographic Message
Syntax Standard
PKCS #10 Certification Request
Syntax Standard
PKCS #12 Personal Information
Exchange Syntax
Standard
Certificates automatically generated by WSS
software
The first time you boot a switch with WSS Software Version 4.2 or later, WSS Software automatically
generates keys and self-signed certificates, in cases where certificates are not already configured or installed.
WSS Software can automatically generate all the following types of certificates and their keys:
• Admin (required for administrative access to the switch by Web View or WLAN Management Software)
• EAP (required for 802.1X user access through the switch)
• Web (required for Web-based AAA user access through the switch)
NN47250-500 (320657-F Version 02.01)
1.
Purpose
Contains a digital certificate signed by a CA.
To install the certificate from a PKCS #7 file, use the crypto
certificate command to prepare WSS Software to receive the
certificate, then copy and paste the certificate into the CLI.
A PKCS #7 file does not contain the public key to go with the
certificate. Before you generate the CSR and instal the
certificate, you must generate the public-private key pair using
the crypto generate key command.
Contains a Certificate Signing Request (CSR), a special file with
encoded information needed to request a digital certificate from
a CA.
To generate the request, use the crypto generate request
command. Copy and paste the results directly into a browser
window on the CA server, or into a file to send to the CA server.
Contains a certificate signed by a CA and a public-private key
pair provided by the CA to go with the certificate.
Because the key pair comes from the CA, you do not need to
generate a key pair or a certificate request on the switch. Instead,
use the copy tftp command to copy the file onto the WSS.
Use the crypto otp command to enter the one-time password
assigned to the file by the CA. (This password secures the file so
that the keys and certificate cannot be installed by an
unauthorized party. You must know the password in order to
install them.)
Use the crypto pkcs12 command to unpack the file.