Chapter 33: Web Server Commands

11. Activate the web server using ENABLE HTTP SERVER on page 498.

The following is an example of the command sequence for configuring the web server for a CA certificate. It explains how to create an encryption key pair and enrollment request, and how to download the CA certificates on the switch. (The example does not include step 1, setting the system time, nor the procedure for submitting the request to a CA, which will vary depending on the CA’s enrollment requirements.)

1. This command creates the encryption key pair with an ID of 8, a length of 512 bits, and the description “Switch 24 key”:

create enco key=8 type=rsa length=512 description="Switch 24 key"

2. This command sets the switch’s distinguished name to a master switch’s IP address of 149.44.44.44:

set system distinguishedname="cn=149.44.44.44"

3. This command creates an enrollment request using the encryption key created in step 1. It assigns the request the filename “sw24cer.csr”. The command omits the “.csr” extension because the management software adds it automatically:

create pki enrollmentrequest=sw24cer keypair=8

4. This command uploads the enrollment request from the switch’s file system to a TFTP server. The command assumes that the TFTP server has the IP address 149.88.88.88. (This step could also be performed using Xmodem.)

upload method=tftp destfile=c:sw24cer.csr server=149.88.88.88 file=sw24cer.csr

5. These commands download the CA certificates into the switch’s file system from the TFTP server. The commands assume that the IP address of the server is 149.88.88.88 and that the certificate names are “sw24cer.cer” and “ca.cer”. (This step could be performed using Xmodem.)

load method=tftp destfile=sw24cer.cer server=149.88.88.88 file=c:sw24cer.cer

load method=tftp destfile=ca.cer server=149.88.88.88 file=c:ca.cer

6. These commands load the certificates into the certificate database:

add pki certificate="Switch 24 certificate" location=sw24cer.cer

add pki certificate="CA certificate" location=ca.cer

7. This command disables the web server:

disable http server
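
A pre-flight check for a command sequence like the one above, given here as an added example that is not part of the manual or the management software: it tracks the key IDs and files that earlier commands create and reports later commands that reference one that does not exist yet. The function names and the parsing rules (keywords followed by name=value parameters) are assumptions made for illustration; the sample input is constructed and contains a deliberately misspelled filename.

```python
import shlex

def parse(line):
    """Split a command into (keywords, {parameter: value})."""
    words, params = [], {}
    for tok in shlex.split(line):          # shlex keeps quoted values together
        if "=" in tok:
            name, value = tok.split("=", 1)
            params[name.lower()] = value.lower()
        else:
            words.append(tok.lower())
    return words, params

def check_sequence(lines):
    """Return [(line_no, problem)] for key IDs or files used before they exist."""
    keys, files, problems = set(), set(), []
    for n, line in enumerate(lines, 1):
        words, p = parse(line)
        if words == ["create", "enco"] and "key" in p:
            keys.add(p["key"])
        elif words == ["create", "pki"] and "enrollmentrequest" in p:
            if p.get("keypair") not in keys:
                problems.append((n, f"key pair {p.get('keypair')} not created"))
            files.add(p["enrollmentrequest"] + ".csr")  # ".csr" is added automatically
        elif words == ["upload"] and "file" in p:
            if p["file"] not in files:
                problems.append((n, f"file {p['file']} not on switch"))
        elif words == ["load"] and "destfile" in p:
            files.add(p["destfile"])       # downloaded file now exists on the switch
        elif words == ["add", "pki"] and "location" in p:
            if p["location"] not in files:
                problems.append((n, f"file {p['location']} not on switch"))
    return problems

# Constructed input: steps 1 to 6, with a misspelled filename in the seventh command.
SAMPLE = [
    'create enco key=8 type=rsa length=512 description="Switch 24 key"',
    'set system distinguishedname="cn=149.44.44.44"',
    'create pki enrollmentrequest=sw24cer keypair=8',
    'upload method=tftp destfile=c:sw24cer.csr server=149.88.88.88 file=sw24cer.csr',
    'load method=tftp destfile=sw24cer.cer server=149.88.88.88 file=c:sw24cer.cer',
    'load method=tftp destfile=ca.cer server=149.88.88.88 file=c:ca.cer',
    'add pki certificate="Switch 24 certificate" location=sw24cert.cer',
    'add pki certificate="CA certificate" location=ca.cer',
]

if __name__ == "__main__":
    for n, problem in check_sequence(SAMPLE):
        print(f"line {n}: {problem}")
```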
