DWS-1008 User’s Manual
D-Link Systems, Inc.
Managing Keys and Certificates
When you type the command, the CLI prompts you to enter information to identify the
certificate. For example:
DWS-1008# crypto generate self-signed admin
Country Name: US
State Name: CA
Locality Name: San Jose campus
Organizational Name: D-Link
Organizational Unit: eng
Common Name: DWS-1008
Email Address:
Unstructured Name: DWS-1008 in wiring closet 120
You must include a common name (string) when you generate a self-signed certificate. The
other information is optional. Use a fully qualified name if such names are supported on your
network. The certificate appears after you enter this information.
Installing a Key Pair and Certificate from a PKCS #12 Object File
PKCS object files provide a file format for storing and transferring data and cryptographic
information. (For more information, see PKCS #7, PKCS #10, and PKCS #12 Object Files.) A
PKCS #12 object file, which you obtain from a CA, includes the private key, a certificate, and
optionally the CA’s own certificate.
After transferring the PKCS #12 file from the CA via FTP and generating a one-time password
to unlock it, you store the file in the switch’s certificate and key store. To set and store a
PKCS #12 object file, follow these steps:
1. Copy the PKCS #12 object file to nonvolatile storage on the switch. Use the following
command:
copy tftp://filename local-filename
2. Enter a one-time password (OTP) to unlock the PKCS #12 object file. The password
must be the same as the password protecting the PKCS #12 file.
The password must contain at least 1 alphanumeric character, with no spaces, and must not
include the following characters:
• Quotation marks (“ ”)
• Question mark (?)
• Ampersand (&)
Note: On a switch that handles communications to or from Microsoft Windows clients, use a
one-time password of 31 characters or fewer.
To enter the one-time password, use the following command:
crypto otp {admin | eap | webaaa} one-time-password
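Because the OTP must equal the password protecting the PKCS #12 file, that password has to satisfy the switch's rules before the file is copied over. The following is an added example, not part of the D-Link manual: a pre-flight check run on an administrator's workstation. The function names are hypothetical, "quotation marks" is read as the ASCII double quote, and check_p12 assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: pre-flight checks before loading a PKCS #12 file on the switch.
# check_otp and check_p12 are hypothetical helper names, not switch commands.

# check_otp PASSWORD [windows]
# Returns 0 if PASSWORD meets the rules in step 2; otherwise prints the
# reason to stderr and returns 1. The optional "windows" argument applies
# the 31-character limit from the Note.
check_otp() {
    pw=$1
    case $pw in
        '')     echo "empty password" >&2; return 1 ;;
        *' '*)  echo "contains a space" >&2; return 1 ;;
        *\"*)   echo "contains a quotation mark" >&2; return 1 ;;  # assumption: ASCII "
        *\?*)   echo "contains a question mark" >&2; return 1 ;;
        *\&*)   echo "contains an ampersand" >&2; return 1 ;;
    esac
    case $pw in
        *[0-9A-Za-z]*) ;;
        *) echo "needs at least 1 alphanumeric character" >&2; return 1 ;;
    esac
    if [ "${2:-}" = windows ] && [ "${#pw}" -gt 31 ]; then
        echo "longer than 31 characters" >&2; return 1
    fi
    return 0
}

# check_p12 FILE PASSWORD
# Confirms that PASSWORD unlocks FILE and that FILE holds a private key and
# at least one certificate. The password is passed through the environment
# so it does not appear in the process list.
check_p12() {
    P12_PW=$2 openssl pkcs12 -in "$1" -noout -passin env:P12_PW 2>/dev/null || {
        echo "password does not unlock $1" >&2; return 1; }
    P12_PW=$2 openssl pkcs12 -in "$1" -nocerts -nodes -passin env:P12_PW 2>/dev/null |
        grep -q 'PRIVATE KEY' || { echo "no private key in $1" >&2; return 1; }
    certs=$(P12_PW=$2 openssl pkcs12 -in "$1" -nokeys -passin env:P12_PW 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE')
    [ "$certs" -ge 1 ] || { echo "no certificate in $1" >&2; return 1; }
    # Two or more certificates suggests the CA's own certificate is included.
    echo "$1: private key present, $certs certificate(s)"
}

# Constructed sample password, checked against the Windows-client limit.
check_otp 'Dws1008-p12-import' windows && echo "password acceptable as OTP"
```

Files protected with older algorithms may need the -legacy option on OpenSSL 3.x for check_p12 to open them.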