262
DWS-1008 User’s Manual
D-Link Systems, Inc.
Managing Keys and Certificates
3.
Unpack the PKCS #12 object file into the certificate and key storage area on the switch.
Use the following command:
crypto pkcs12
{
admin
|
eap
|
webaaa
}
filename
The
filename
is the location of the file on the switch.
Creating a CSR and Installing a Certificate from a PKCS #7 Object File
After creating a public-private key pair, you can obtain a signed certificate of authenticity from
a CA by generating a Certificate Signing Request (CSR) from the switch. A CSR is a text
block with an encoded request for a signed certificate from the CA.
Note:
Many certificate authorities have their own unique requirements. Follow the instructions
in the documentation for your CA to properly format the fields you complete when generating
a CSR.
1.
To generate a request for a CA-signed certificate, use the following command:
crypto generate request
{
admin
|
eap
|
webaaa
}
When prompted, enter values for each of six identification fields.
You must include a common name (string) when you generate a CSR. Use a fully qualified
name if such names are supported on your network. The other information is optional. For
example:
DWS-1008#dws-1008#
crypto generate request admin
Country Name:
US
State Name:
MI
Locality Name:
Detroit
Organizational Name:
example
Organizational Unit:
eng
Common Name:
DWS-1008
Email Address:
Unstructured Name:
south tower, wiring closet 125
When completed successfully, the command returns a Privacy-Enhanced Mail (PEM)
formatted PKCS #10 CSR. PEM encoding is a way of representing a non-ASCII file format
in ASCII characters. The encoded object is the PKCS #10 CSR. Give the CSR to a CA and
receive a signed certificate (a PEM-encoded PKCS #7 object file).
2.
To install a certificate from a PKCS #7 file, use the following command to prepare the
switch to receive it:
crypto certificate
{
admin
|
eap
|
webaaa
}
PEM-formatted certificate
3.
Use a text editor to open the PKCS #7 file, and copy and paste the entire text block,
including the beginning and ending delimiters, into the CLI.
Note:
You must paste the entire block, from the beginning -----BEGIN CERTIFICATE
REQUEST----- to the end -----END CERTIFICATE REQUEST-----.