Creating Certificates And Private Keys - Extreme Networks ExtremeWare XOS Guide Manual
Concepts guide
Hide thumbs
Also See for ExtremeWare XOS Guide:
- Command reference manual (2024 pages) ,
- Manual (496 pages) ,
- Command reference manual (970 pages)
Table of Contents
Advertisement
To disable SSL and HTTPS, enter the following command:
disable web https
Creating Certificates and Private Keys
When you generate a certificate, the certificate is stored in the configuration file, and the private key is
stored in the EEPROM. The certificate generated is in PEM format.
To create a self-signed certificate and private key that can be saved in the EEPROM, use the following
command:
configure ssl certificate privkeylen <length> country <code> organization <org_name>
common-name <name>
Make sure to specify the following:
Country code (maximum size of 2 characters)
●
Organization name (maximum size of 64 characters)
●
Common name (maximum size of 64)
●
Any existing certificate and private key is overwritten.
The size of the certificate depends on the RSA key length (
parameters (
,
country
organization name
1024, then the certificate is approximately 1 kb. For an RSA key length of 4096, the certificate length is
approximately 2 kb, and the private key length is approximately 3 kb.
Downloading a Certificate Key from a TFTP Server
You can download a certificate key from files stored in a TFTP server. If the operation is successful, any
existing certificate is overwritten. After a successful download, the software attempts to match the
public key in the certificate against the private key stored. If the private and public keys do not match,
the switch displays a warning message similar to the following:
not match with the Public Key in the certificate
download the private key.
Downloaded certificates and keys are not saved across switch reboots unless you save your current
switch configuration. Once you issue the
configuration file and the private key is stored in the EEPROM.
To download a certificate key from files stored in a TFTP server, use the following command:
download ssl <ip_address> certificate <cert file>
NOTE
For security measures, you can only download a certificate key in the VR-Mgmt virtual router.
To see whether the private key matches with the public key stored in the certificate, use the following
command:
show ssl
ExtremeWare XOS 11.3 Concepts Guide
privkeylen
, and so forth) supplied by the user. If the RSA key length is
Warning: The Private Key does
. This warning acts as a reminder to also
command, the downloaded certificate is stored in the
save
Secure Socket Layer
) and the length of the other
341
Advertisement
Chapters
Table of Contents
Troubleshooting
