Chapter 9 Authentication
Configure CRL Parameters for a CA Certificate
STEP 1
STEP 2
STEP 3
STEP 4
STEP 5
From the LSM menu, select Authentication > X.509 Certificates.
On the CA Certificate page in the Current CA Certificates table, locate the CA Certificate that you want configure. Then, in the Function(s) field, click the Edit icon.
On the X.509 CA Certificate Details page in the Certificate Revocation List, select File. Then, type the File path and name for the CRL, or click Browse and navigate to the file.
Click Import.
To configure the CRL for automatic update, select the URL radio button. Then:
•type the URL used to retrieve the CRL from the Certificate Authority.
•type the Update Interval in hours. This specifies how often the device queries the CA website to check for updates.
•Click Set.
Certificate Requests
Certificate Requests provide X family administrators with a form and encoding method to generate a signed Local Certificate from the CA server.
After generating the Certificate Request, the administrator has to export the request, and then provide it to the CA server. The CA server signs the request to generate a Local Certificate and returns the signed certificate to the administrator who then imports it back into the X family device. A successful import of the Local Certificate removes the corresponding Certificate Request as the request has now been satisfied. After importing a Local Certificate, you can view and manage it from the Local Certificates page.
The device uses PKCS#10 format for Certificate Requests. When a request is created, a Distinguished Name (DN) and a public/private key pair is generated, and the public key is included in the PKCS#10 format.
You can manage Certificate Requests from the LSM. From the Certificates Request page, you can:
•View Certificate Requests currently available.
•Create a Certificate Request.
•Export the request so it can be submitted to the Certificate Authority.
•Import a signed Certificate Request that has been returned by the Certificate Authority so it is available for use on the system.
260 X Family LSM User’s Guide V 2.5.1