C H A P T E R 3

Keys and Certificates

Obtaining a Certificate from VeriSign§ or Other Certificate Authority

Use the create key command to create your key and the create sign command to create a signing request to be sent to VeriSign or other certificate authority for authentication. The certificate authority will return it in approximately one to five days. After you have received the certificate, use the import cert command to import it into the 7110/7115.

The fields input to create a signing request are called collectively a Distinguished Name (DN). For optimal security, one or more fields must be modified to make the DN unique.

Procedure

Create a key:

1.Type the create key command at the prompt:

Intel 7115> create key

Key strength (512/1024) [512]: New keyID [001]: 002

Keypair was created for keyID: 002

2.Create a Certificate Signing Request:

Intel 7115> create sign 002

You are about to be asked to enter information that will be incorporated into your certificate request. The "common name" must be unique. For other fields, you could use default values.

Certifying authorities have specific guidelines on how to answer each of the questions. These guidelines may vary by certifying authority. Please refer to the guidelines of the certifying authority to whom you submit your Certificate Signing Request (CSR). Please keep the following in mind when entering the information that will be incorporated into your certificate request:

Country code: This is the two-letter ISO abbreviation for your country (for example, US for the United States).

State or Province: This is the name of the state or province where your organization’s head office is located. Please enter the full name of the state or province. Do not abbreviate.

3-7

Page 29
Image 29
Intel A31032-001 Procedure, Create a key Type the create key command at the prompt, Create a Certificate Signing Request