Nortel Networks 5500 series User Manual
Page 307
Managing private keys and certificates
307
Table 54
CSR information (cont’d.)
Prompt
Description
Subject alternative
name (blank or comma
separated list of
URI:<uri>, DNS:<fqdn>,
IP:<ip-address>,
email:<email-address>):
Specifies alternative information for the
subject if you did not provide a Common
Name or e-mail address. The required
information is a comma-separated list as
follows:
•
URI:<uri>
, a Uniform Resource
Identifier
•
DNS:<fqdn>
, the fully qualified
domain name
•
IP:<ip-address>
•
email:<email-address>
Generate new key pair
(y/n) [y]:
Specifies whether you want to generate
a new pair of private and public keys.
The default is y (yes).
If you are creating a CSR for a new
certificate, accept the option to generate
a new key pair.
If a configured certificate is approaching
its expiration date and you want to
renew it without replacing the existing
key, specify n (no). The CSR will
be based on the existing key for the
specified certificate number.
Key size [1024]:
The length of the generated key, in bits.
The default value is 1024.
Request a CA certificate
(y/n) [n]:
Specifies whether to request
a CA certificate to use for client
authentication. Request a CA certificate
if you plan to issue your own server
certificates or client certificates,
generating them from the requested CA
certificate. The default is
n
(no).
Specify challenge
password (y/n) [n]:
Specifies a password to be used during
manual revocation of the certificate.
3
Generate the CSR.
After you have provided the required information, press Enter.
The CSR is generated and displayed on the screen.
Nortel Secure Network Access Switch
Using the Command Line Interface
NN47230-100
03.01
Standard
28 July 2008
Copyright © 2007, 2008 Nortel Networks
.