Allied Telesis management software layer 2+ fast ethernet switches

Chapter 33: Web Server Commands

504

11. Activate the web server using ENABLE HTTP SERVER on page 498

The following is an example of the command sequence for configuring

the web server for a CA certificate. It explains how to create an

encryption key pair and enrollment request, and how to download the

CA certificates on the switch. (The example does not include step 1,

setting the system time, nor the procedure for submitting the request to

a CA, which will vary depending on the CA’s enrollment requirements.)

1. This command creates the encryption key pair with an ID of 8, a

length of 512 bits, and the description “Switch 24 key”:

create enco key=8 type=rsa length=512

description=”Switch 24 key”

2. This command sets the switch’s distinguished name to a master

switch’s IP address of 149.44.44.44:

set system distinguishedname=”cn=149.44.44.44”

3. This command creates an enrollment request using the encryption

key created in step 1. It assigns the request the filename

“sw24cer.csr”. The command omits the “.csr” extension because the

management software adds it automatically:

create pki enrollmentrequest=sw24cer keypair=8

4. This command uploads the enrollment request from the switch’s file

system to a TFTP server. The command assumes that the TFTP server

has the IP address 149.88.88.88. (This step could also be performed

using Xmodem.)

upload method=tftp destfile=c:sw24cer.csr

server=149.88.88.88 file=sw24cer.csr

5. These commands download the CA certificates into the switch’s file

system from the TFTP server. The commands assume that the IP

address of the server is 149.88.88.88 and that the certificate names are

“sw24cer.cer” and “ca.cer”. (This step could be performed using

Xmodem.)

load method=tftp destfile=sw24cer.cer

server=149.88.88.88 file=c:sw24cer.cer

load method=tftp destfile=ca.cer

server=149.88.88.88 file=c:ca.cer

6. These commands load the certificates into the certificate database:

add pki certificate=”Switch 24 certificate”

location=sw24cert.cer

add pki certificate=”CA certificate”

location=ca.cer

7. This command disables the web server:

disable http server