16: Security Settings
xSenso User Guide
89
Certificate and Key Generation
The xSenso can generate self signed certificates and their corresponding keys. This can be done
for both the rsa and dsa certificate formats. Certificates can be identified on the xSenso by a name
provided at generation time.
Table 16-5 Certificate and Key Generation Settings
To Create a New Credential
Using Web Manager
To create a new credential, o to the
Admin
tab/page, click
SSL
in the menu and select
Credentials
.
Using the CLI
To enter the SSL command level:
enable -> ssl
To enter the Credentials command level:
enable -> ssl -> credentials
Certificate Generation
Settings
Description
Country (2 Letter Code)
Enter the 2-letter country code to be assigned to the new self-signed
certificate.
Examples: US for United States and CA for Canada
State/Province
Enter the state or province to be assigned to the new self-signed certificate.
Locality (City)
Enter the city or locality to be assigned to the new self-signed certificate.
Organization
Enter the organization to be associated with the new self-signed certificate.
Organization Unit
Enter the organizational unit to be associated with the new self-signed
certificate.
Common Name
Enter the common name to be associated with the new self signed
certificate, preferrably matching the host name or the ip address of the
device, whichever will be the intended access approach. This is a required
field.
Expires
Enter the expiration date, in mm/dd/yyyy format, for the new self-signed
certificate.
Example: An expiration date of May 9, 2012 is entered as 05/09/2012.
Key length
Select the bit size of the new self-signed certificate. Choices are:
512 bits
768 bits
1024 bits
2048 bits
The larger the bit size, the longer it takes to generate the key.
Type
Select the type of key:
RSA
= Public-Key Cryptography algorithm based on large prime
numbers, invented by Rivest Shamir and Adleman. Used for encryption
and signing.
DSA
= Digital Signature Algorithm also based on large prime numbers,
but can only be used for signing. Developed by the US government to
avoid the patents on RSA.