Allied Telesis AT-S63 User Manual
Page 373
AT-S63 Management Software Command Line Interface User’s Guide
373
add pki certificate="Switch 12 certificate"
location=Sw12cert.cer
4. This command disables the web server:
disable http server
5. This command configures the web server by activating HTTPS and
specifying the encryption key pair created in step 1:
set http server security=enabled sslkeyid=4
6. This command enables the web server:
enable http server
General Configuration Steps for a CA Certificate
Below are the steps to configuring the switch’s web server for CA
certificates using the command line commands. The steps explain how
to create an encryption key and a self-signed certificate, and how to
configure the web server for the certificate:
1. Set the switch’s date and time. You can do this manually using the
“SET DATE” on page 91 or you can configure the switch to obtain the
date and time from an SNTP server using “ADD SNTPSERVER
PEER|IPADDRESS” on page 86.
2. Create an encryption key pair using “CREATE ENCO KEY” on page 378
(syntax 1).
3. Set the switch’s distinguished name using “SET SYSTEM
DISTINGUISHEDNAME” on page 398.
4. Create an enrollment request using “CREATE PKI
ENROLLMENTREQUEST” on page 391.
5. Upload the enrollment request from the switch to a management
station or FTP server using “UPLOAD” on page 160.
6. Submit the enrollment request to a CA.
7. After you have received the CA certificates, download them into the
switch’s file system using “LOAD” on page 154.
8. Add the CA certificates to the certificate database using “ADD PKI
9. Disable the switch’s web server using the command “DISABLE HTTP
10. Configure the web server using “SET HTTP SERVER” on page 371.
11. Activate the web server using “ENABLE HTTP SERVER” on page 369