.................................................................................................................................... ........................................................................................................................
Notes on Using Certificates8950 AAA Certificate Manager
22-20 365-360-001R6.0
Issue 1, December 2008
.................................................................................................................................... ........................................................................................................................
5. Add any additional information and click Next >
6. Enter the password used to encrypt the root certificate private key.
7. Enter the password for encrypting the client certificate private key and click Next >
8. Enter the name of the root certificate file. See “Generating a Root Certificate” on
page 18.
9. Enter a name for the client certificate file you are creating, or accept the defaults.
Important! If you are creating multiple client certificates, be sure to save each one is
a separate file.
10. Click Next.
Result: The contents of the certificate are displayed for your review. It is not necessary
to record this information; it will be included in the file.
11. Click Generate Another Certificate to create another Client certificate
OR
click Close to terminate the aaa-cert application.
Notes on Using Certificates
Root Certificates
Root certificate files generated by aaa-cert contain an encoded X.509 certificate with
extensions for a certificate authority and the encrypted private key matching the public key
in the root certificate. A password is used to encrypt the private key and protect it from
public access.
Root certificates are signed with their own private key and therefore cannot be verified by
another certificate. Typically root certificates are verified by checking a digital fingerprint
published in a secure manner. Root certificates are installed on machines that need to
verify client and server certificates signed by the root certificate.
Rather than using aaa-cert to generate a root certificate, a root certificate from another
source, including another installation of 8950 AAA could be used for your site. However,
when using aaa-cert you must always have the private key for the Root certificate you will
be using and know the password used to encrypt the private key.
Server and Client Certificates
Server and Client certificate files generated by aaa-cert for contain: an encoded X.509
certificate with extensions for server or client authentication; the X.509 certificate used to
sign the certificate; and the encrypted private key matching the public key in the
certificate. A password is used to encrypt the private key and protect it from public access.