Examples – Allied Telesis AT-S63 User Manual

AT-S63 Management Software Command Line Interface User’s Guide

encrypted web browser management systems until it is loaded into the
database. For instructions, refer to “ADD PKI CERTIFICATE” on
page 506.

Note

For a review of the steps for configuring the web server for a
self-signed certificate, refer to “SET HTTP SERVER” on page 491.

The CERTIFICATE parameter assigns a file name to the certificate. This is
the name under which the certificate will be stored in the switch’s file
system. The name can be from one to eight alphanumeric characters. If
the name includes a space, it must be enclosed in double quotes. The
software automatically adds the extension “.cer” to the name.

The KEYPAIR parameter specifies the ID of the encryption key that you
want to use to create the certificate. The public key of the pair will be
incorporated into the certificate. The key pair that you select must already
exist on the switch. To create a key pair, refer to “CREATE ENCO KEY” on
page 498. To view the IDs of the keys already on the switch, refer to
“SHOW ENCO” on page 504.

The SERIALNUMBER parameter specifies the number to be inserted into
the serial number field of the certificate. A serial number is typically used to
distinguish a certificate from all others issued by the same issuer, in this
case the switch. Self-signed certificates are usually assigned a serial
number of 0.

The FORMAT parameter specifies the type of encoding the certificate will
use. PEM is ASCII-encoded and allows the certificate to be displayed once
it has been generated. DER encoding is binary and so cannot be
displayed. The default is DER.
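The following Python sketch is an added example, not part of the manual or the AT-S63 software. It tells a PEM certificate file from a DER one and reads the serial number field described above; the function names are hypothetical and the sample bytes are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def to_der(data):
    """Return (format, DER bytes): PEM is base64 text in armor, DER is raw binary."""
    m = PEM_RE.search(data)
    if m:
        return "PEM", base64.b64decode(b"".join(m.group(1).split()))
    if data[:1] == b"\x30":                  # DER certificates open with a SEQUENCE tag
        return "DER", data
    raise ValueError("neither PEM nor DER certificate data")

def read_tlv(buf, pos):
    """Parse one DER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def certificate_serial(data):
    """Return (format, serial number) read from the start of tbsCertificate."""
    fmt, der = to_der(data)
    tag, cert, _ = read_tlv(der, 0)          # outer Certificate SEQUENCE
    tag2, tbs, _ = read_tlv(cert, 0)         # tbsCertificate SEQUENCE
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("not an X.509 certificate structure")
    tag, value, nxt = read_tlv(tbs, 0)
    if tag == 0xA0:                          # optional explicit [0] version field
        tag, value, nxt = read_tlv(tbs, nxt)
    if tag != 0x02:
        raise ValueError("serial number INTEGER not found")
    return fmt, int.from_bytes(value, "big", signed=True)

def tlv(tag, value):
    """Build a short-form TLV (used only to construct the sample below)."""
    return bytes([tag, len(value)]) + value

# Constructed sample: only the leading version and serial fields of a certificate,
# not a complete or valid one. Serial 0 is the usual self-signed value.
SAMPLE_DER = tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x00")))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")
```
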

The SUBJECT parameter specifies the distinguished name for the
certificate. The name is inserted in the subject field of the certificate. Allied
Telesyn recommends using the IP address of the master switch as the
distinguished name (for example, “cn=149.11.11.11”). If your network has
a Domain Name System and you mapped a name to the IP address of a
switch, you can specify the switch’s name instead of the IP address as the
distinguished name. For an explanation of distinguished names, refer to
Chapter 27, “PKI Certificates and SSL” in the AT-S63 Management
Software Menus Interface User’s Guide.

Examples

The following command creates a self-signed certificate. It assigns the
certificate the filename “sw12.cer”. (The management software
automatically adds the “.cer” extension.) The command uses the key pair
with the ID 12 to create the certificate. The format is ASCII and the
distinguished name is the IP address of a master switch:
