Allied Telesis management software layer 2+ fast ethernet switches

AT-S62 Command Line User’s Guide

519

Once you have created a new self-signed certificate, you need to load it

into the certificate database. The switch cannot use the certificate for

encrypted web browser management systems until it is loaded into the

database. For instructions, refer to ADD PKI CERTIFICATE on page 516.

Note

For a review of the steps to configuring the web server for a self-

signed certificate, refer to SET HTTP SERVER on page 500.

The CERTIFICATE parameter assigns a file name to the certificate. This is

the name under which the certificate will be stored as in the switch’s file

system. The name can be from one to eight alphanumeric characters. If

the name includes a space, it must be enclosed in double quotes. The

software automatically adds the extension “.cer” to the name.

The KEYPAIR parameter specifies the ID of the encryption key you want

to use to create the certificate. The public key of the pair will be

incorporated into the certificate. The key pair that you select must

already exist on the switch. To create a key pair, refer to CREATE ENCO

KEY on page 508. To view the IDs of the keys already on the switch, refer

to SHOW ENCO on page 514.

The SERIALNUMBER parameter specifies the number to be inserted into

the serial number field of the certificate. A serial number is typically used

to distinguish a certificate from all others issued by the same issuer, in

this case the switch. Self-signed certificates are usually assigned a serial

number of 0.

The FORMAT parameter specifies the type of encoding the certificate

will use. PEM is ASCII-encoded and allows the certificate to be displayed

once it has been generated. DER encoding is binary and so cannot be

displayed. The default is DER.

The SUBJECT parameter specifies the distinguished name for the

certificate. The name is inserted in the subject field of the certificate.

Allied Telesyn recommends using the IP address of the master switch as

the distinguished name (for example, “cn=149.11.11.11”). If your

network has a Domain Name System and you mapped a name to the IP

address of a switch, you can specify the switch’s name instead of the IP

address as the distinguished name. For a explanation of distinguished

names, refer to the AT-S62 Management Software Menus Interface User’s

Guide.