Configuring The Https Web Server For A Certificate Issued By A Ca - Allied Telesis AT-9000/28 Command Line User's Manual
Alliedware plus version 2.1.2 management software for layer 2-4 gigabit ethernet ecoswitches
Hide thumbs
Also See for AT-9000/28:
- Installation manual (70 pages) ,
- Datasheet (4 pages) ,
- User manual (1482 pages)
Table of Contents
Advertisement
Chapter 80: Secure HTTPS Web Browser Server
Configuring the HTTPS Web Server for a Certificate Issued by a CA
1168
Here are the main steps to configuring the HTTPS web browser server for
a certificate from a CA:
1. Create a self-signed certificate with "CRYPTO CERTIFICATE
GENERATE" on page 1177, in the Global Configuration mode. The
command has this format:
crypto certificate
common_name organizational_unit organization location
state country duration
The parameters are described in step 1 in the previous procedure and
in "CRYPTO CERTIFICATE GENERATE" on page 1177.
2. Create an enrollment request with "CRYPTO CERTIFICATE
REQUEST" on page 1180, in the Global Configuration mode. The
format of the command is shown here:
crypto certificate
organizational_unit organization location state country
The values of the parameters in this command must be exactly the
same as the corresponding values from the CRYPTO CERTIFICATE
GENERATE command, used to create the self-signed certificate. This
includes the ID_NUMBER parameter. Any differences, including
differences in capitalizations, will cause the switch to reject the CA
certificate when you import it into the switch's certificate database.
3. Cut and paste the enrollment request from your screen into a word
processor document.
4. Submit the enrollment request to the CA.
5. After you receive the certificate files from the CA, download them into
the switch's file system using TFTP or Zmodem. For instructions, refer
to Chapter 26, "File Transfers" on page 373. Be sure to download all
certificate files from the CA.
6. Import the certificate into the certificate database with "CRYPTO
CERTIFICATE IMPORT" on page 1179. The command has this
format:
crypto certificate
The ID_NUMBER parameter is the ID number you assigned the self-
signed certificate and enrollment request.
7. Designate the new certificate from the CA as the active certificate on
the switch with "IP HTTPS CERTIFICATE" on page 1183, in the
id_number
generate
id_number
request
id_number
import
length passphrase
common_name
Section XI: Management Security
Advertisement
Table of Contents
