Managing Keys and Certificates 385

PKCS #7, PKCS #10, and PKCS #12 Object Files

Public-Key Cryptography Standards (PKCS) are encryption interface standards created by RSA Data Security, Inc., that provide a file format for transferring data and cryptographic information. Nortel supports the PKCS object files listed in Table 26.

Table 26: PKCS Object Files Supported by Nortel

File Type: PKCS #7
Standard: Cryptographic Message Syntax Standard
Purpose: Contains a digital certificate signed by a CA. To install the certificate from a PKCS #7 file, use the crypto certificate command to prepare WSS Software to receive the certificate, then copy and paste the certificate into the CLI. A PKCS #7 file does not contain the public key to go with the certificate. Before you generate the CSR and install the certificate, you must generate the public-private key pair using the crypto generate key command.

File Type: PKCS #10
Standard: Certification Request Syntax Standard
Purpose: Contains a Certificate Signing Request (CSR), a special file with encoded information needed to request a digital certificate from a CA. To generate the request, use the crypto generate request command. Copy and paste the results directly into a browser window on the CA server, or into a file to send to the CA server.

File Type: PKCS #12
Standard: Personal Information Exchange Syntax Standard
Purpose: Contains a certificate signed by a CA and a public-private key pair provided by the CA to go with the certificate. Because the key pair comes from the CA, you do not need to generate a key pair or a certificate request on the switch. Instead, use the copy tftp command to copy the file onto the WSS switch. Use the crypto otp command to enter the one-time password assigned to the file by the CA. (This password secures the file so that the keys and certificate cannot be installed by an unauthorized party. You must know the password in order to install them.) Use the crypto pkcs12 command to unpack the file.
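To make the relationship between the three object files concrete, the following is an added shell example using OpenSSL on a workstation; it is not a WSS Software command sequence and not taken from the Nortel guide. It walks the same steps the table describes: a locally generated key pair, a PKCS #10 request, the returned certificate wrapped as PKCS #7 (which carries no private key), and a password-protected PKCS #12 bundle that only opens with the right password. The subject name and the password are constructed values, and an openssl binary is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the Nortel guide): build the PKCS #10, #7 and #12
# objects with OpenSSL and check what each one carries.
set -eu

# pkcs_roundtrip <workdir>: returns 0 only if (A) the certificate inside the
# PKCS #7 wraps the public key of the locally generated key pair, and (B) the
# PKCS #12 bundle opens with the correct password but not with a wrong one.
pkcs_roundtrip() {
  dir="$1"
  mkdir -p "$dir"
  # 1. Key pair generated locally (the role of "crypto generate key").
  openssl genrsa -out "$dir/switch.key" 2048 2>/dev/null
  # 2. PKCS #10 certification request (the role of "crypto generate request").
  #    "wss-example" is a constructed subject name.
  openssl req -new -key "$dir/switch.key" -subj "/CN=wss-example" \
      -out "$dir/switch.csr" 2>/dev/null
  # 3. What the CA sends back: a signed certificate (self-signed here, purely
  #    so the example runs offline).
  openssl x509 -req -in "$dir/switch.csr" -signkey "$dir/switch.key" \
      -days 30 -out "$dir/switch.crt" 2>/dev/null
  # 4. PKCS #7 wrapping the certificate: only the certificate goes in.
  openssl crl2pkcs7 -nocrl -certfile "$dir/switch.crt" -out "$dir/switch.p7b"
  # 5. PKCS #12 bundle: certificate plus private key, protected by a password
  #    ("constructed-otp" stands in for the CA-assigned one-time password).
  openssl pkcs12 -export -inkey "$dir/switch.key" -in "$dir/switch.crt" \
      -passout pass:constructed-otp -out "$dir/switch.p12"

  # Check A: the public key in the PKCS #7 certificate must be derived from
  # the local key pair, otherwise the installed certificate is unusable.
  key_pub=$(openssl pkey -in "$dir/switch.key" -pubout 2>/dev/null | openssl sha256)
  crt_pub=$(openssl pkcs7 -in "$dir/switch.p7b" -print_certs 2>/dev/null \
            | openssl x509 -pubkey -noout 2>/dev/null | openssl sha256)
  [ "$key_pub" = "$crt_pub" ] || return 1

  # Check B: the PKCS #12 yields its private key with the right password ...
  openssl pkcs12 -in "$dir/switch.p12" -nodes -nocerts \
      -passin pass:constructed-otp -out "$dir/unpacked.key" 2>/dev/null || return 1
  # ... and refuses a wrong one (MAC verification fails).
  if openssl pkcs12 -in "$dir/switch.p12" -nodes -nocerts \
      -passin pass:wrong-otp -out /dev/null 2>/dev/null; then
    return 1
  fi
  return 0
}
```

Run it as `pkcs_roundtrip /tmp/pkcs-demo`; a zero exit status means both checks passed and the files are left in that directory for inspection.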

Creating Keys and Certificates

You must create a public-private key pair, and request, accept, or generate a digital certificate to exchange with WLAN Management Software or Web View for management access, or with 802.1X or Web-based AAA users for network access. The digital certificates can be self-signed or signed by a certificate authority (CA). If you use certificates signed by a CA, you must also install a certificate from the CA to validate the digital signatures of the certificates installed on the WSS.

Each of the following types of access requires a separate key pair and certificate:

Admin—Administrative access through WLAN Management Software or Web View

EAP—802.1X access for network users who can access SSIDs encrypted by WEP or WPA, and for users connected to wired authentication ports

Nortel WLAN Security Switch 2300 Series Configuration Guide
