Generating an enrollment request, In “generating an – Allied Telesis AT-S63 User Manual

Chapter 32: PKI Certificates and SSL

744

Section VII: Management Security

Generating an Enrollment Request

To request a certificate from a CA, you need to generate an enrollment
request. The request contains the public key for the certificate, a
distinguished name, and other information. The request is stored as a file
with a “.csr” extension in the AT-S63 file system, from where you can
upload it onto your management station or FTP server for submission to
the CA. (For a review of all the steps to creating an enrollment request and
downloading a certificate from a CA onto a switch, refer to “General Steps
for a Public or Private CA Certificate” on page 690. You must first create a
key pair before you perform this procedure. For instructions, refer to
“Creating an Encryption Key” on page 705.

To generate an enrollment request, perform the following procedure:

1. From the Main Menu, type 7 to select Security and Services.

The Security and Services menu is shown in Figure 82 on page 259.

2. From the Security and Services menu, type 7 to select Keys/

Certificates Configuration.

The Keys/Certificates Configuration menu is shown in Figure 251 on
page 705.

3. From the Keys/Certificates Configuration menu, type 1 to select Switch

Distinguished Name (DN).

The following prompt is displayed:

Enter new DN (128 chars max) ->

4. Enter a name. An enrollment request must have a distinguished name.

For information, refer to “Distinguished Names” on page 721.

5. Type 3 to select Public Key Infrastructure (PKI) Configuration.

The Public Key Infrastructure (PKI) Configuration menu is shown in
Figure 257 on page 730.

6. From the Public Key Infrastructure (PKI) Configuration menu, type 3 to

select Generate Enrollment Request.