Chapter 11 Managing certificates 571

You can install new certificates or import or renew existing certificates.

Note: The Nortel SNAS 4050 supports keys and certificates created by using Apache-SSL, OpenSSL, or Stronghold SSL. However, for greater security, Nortel recommends creating keys and generating certificate signing requests from within the Nortel SNAS 4050 system using the CLI or SREM. This way, the encrypted private key never leaves the Nortel SNAS 4050 and is invisible to the user.

Key and certificate formats

The Nortel SNAS 4050 supports importing, saving, and exporting private keys and certificates in a number of standard formats. Table 120 summarizes the supported formats.

Table 120 Supported key and certificate formats (Sheet 1 of 2)

| Format | Import/Add | Export/Save | Comment |
|---|---|---|---|
| PEM* | Yes | Yes | Encrypts the private key. Combines the private key and certificate in the same file. |
| DER | Yes | Yes | Does not encrypt the private key. Allows you to store the private key and certificate in separate files. |
| NET | Yes | Yes | Encrypts the private key. Allows you to store the private key and certificate in separate files. |
| PKCS12 (also known as PFX) | Yes | Yes | Encrypts the private key. Combines the private key and certificate in the same file. Most browsers allow importing a combined key and certificate file in the PKCS12 format. |
| PKCS7 | Yes | No | Certificate only. |
| PKCS8 | Yes | No | Key only (used in WebLogic). |
| MS IIS 4 | Yes | No | Key only (proprietary format). |

*You must use the PEM format when:

• you save keys and certificates by copying

• you add a key or certificate by pasting
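A check to run on PEM text before pasting it in or after copying it out: it reports whether the text combines a key and a certificate and whether any private key is stored unencrypted (PEM text produced by other tools such as OpenSSL can hold a cleartext key). This is an added example, not part of the Nortel guide; the function name `inspect_pem` and the sample PEM text (placeholder bodies, not real key material) are constructed for illustration.

```python
import re

# One PEM block: BEGIN line, body, and the END line with the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def inspect_pem(text):
    """Count certificates and private keys in PEM text and list the labels
    of any private keys that are not encrypted."""
    certs, keys, cleartext = 0, 0, []
    for label, body in PEM_BLOCK.findall(text):
        if label == "CERTIFICATE":
            certs += 1
        elif label.endswith("PRIVATE KEY"):
            keys += 1
            # PKCS#8 encrypted keys have their own label; traditional
            # OpenSSL keys flag encryption with an RFC 1421 header.
            encrypted = (label == "ENCRYPTED PRIVATE KEY"
                         or "Proc-Type: 4,ENCRYPTED" in body)
            if not encrypted:
                cleartext.append(label)
    return {"certificates": certs, "private_keys": keys,
            "cleartext_keys": cleartext,
            "combined": certs > 0 and keys > 0}

# Constructed samples: placeholder bodies, not real key material.
SAMPLE_COMBINED = """\
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
"""
SAMPLE_CLEAR_KEY = """\
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END PRIVATE KEY-----
"""

if __name__ == "__main__":
    for name, pem in (("combined", SAMPLE_COMBINED),
                      ("clear key", SAMPLE_CLEAR_KEY)):
        print(name, inspect_pem(pem))
```

A non-empty `cleartext_keys` list means the text should not be copied through a clipboard or stored as is.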

Nortel Secure Network Access Switch 4050 User Guide
