Westermo MR Series User Manual


6622-3201

Web Interface and Command Line Reference Guide

www.westermo.com

Using Text Commands

From the command line, the genkey command can be used to generate a private key. To generate a
private key, enter the command:

genkey <instance> <keysize> <filename> <-ssh1>

where:

<instance>   is 0
<keysize>    is the size of the key in bits
<filename>   is the name of the private key file
<-ssh1>      is optional, and will generate the private key file in SSH version 1 format

For example, to generate a 1024 bit SSH version 2 key called privkey.pem, enter:

genkey 1024 privkey.pem

You will see the following output:

OK
Starting 1024 bit key generation. Please wait. This may take some time...
\Key generated, saving to FLASH file privkey.pem
Closing file
Private key file created
All tasks completed

From the command line, the creq new command can be used to generate a certificate request. If the
private key does not already exist, and the appropriate parameters are entered, the key will be
generated at the same time.

To generate a certificate request, enter the command:

creq new <parameter><value> <parameter><value>

To generate a private key and a certificate request, enter the command:

creq new <parameter><value> <parameter><value> <parameter><value>

The parameters and values are:

Parameter   Values   Equivalent Web Parameter
-b          number   New Key Size
-k          text     Private key filename
-o          text     Certificate request filename

For example, to generate a certificate request file called “request.pem” from a private key called
“priv001.pem”, enter:

creq new -kpriv001.pem -orequest.pem

To generate a 512 bit private key called “private.pem”, and generate a certificate request called
“certreq.pem” using that file, enter:

creq new -b512 -kprivate.pem -ocertreq.pem
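
An added example, not from the Westermo manual: a Python check that reads the RSA modulus size from a copy of a private key PEM such as those written by genkey and creq new -b, so that 512 or 1024 bit keys can be flagged before a certificate is requested. It assumes an unencrypted PKCS#1 "RSA PRIVATE KEY" PEM file; the 2048-bit minimum and all function names are assumptions of this example, and the sample keys are constructed placeholders, not usable keys.

```python
import base64
import re

MIN_BITS = 2048  # assumed policy floor for this example, not a value from the manual
PEM_RE = re.compile(r"-----BEGIN RSA PRIVATE KEY-----(.*?)-----END RSA PRIVATE KEY-----", re.S)

def _read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(pem_text):
    """Return the modulus size in bits of a PKCS#1 RSA private key PEM."""
    m = PEM_RE.search(pem_text)
    if not m or "ENCRYPTED" in m.group(1):
        raise ValueError("need an unencrypted PKCS#1 RSA PRIVATE KEY block")
    der = base64.b64decode("".join(m.group(1).split()))
    tag, body, _ = _read_tlv(der, 0)            # RSAPrivateKey ::= SEQUENCE
    vtag, _version, pos = _read_tlv(body, 0)    # version INTEGER
    mtag, modulus, _ = _read_tlv(body, pos)     # modulus INTEGER
    if (tag, vtag, mtag) != (0x30, 0x02, 0x02):
        raise ValueError("not a PKCS#1 RSAPrivateKey structure")
    return int.from_bytes(modulus, "big").bit_length()

def audit_key(pem_text):
    """Return (bits, meets_minimum) for the key."""
    bits = rsa_modulus_bits(pem_text)
    return bits, bits >= MIN_BITS

def _der(tag, value):
    """Encode one DER element (used only to build the constructed sample)."""
    n = len(value)
    k = (n.bit_length() + 7) // 8  # number of length bytes in long form
    head = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + head + value

def constructed_pem(bits):
    """Constructed sample: PKCS#1 layout with placeholder numbers, not a usable key."""
    ints = [0, (1 << (bits - 1)) | 1] + [3] * 7  # version, modulus, 7 filler fields
    body = b"".join(_der(0x02, i.to_bytes(i.bit_length() // 8 + 1, "big")) for i in ints)
    b64 = base64.encodebytes(_der(0x30, body)).decode()
    return "-----BEGIN RSA PRIVATE KEY-----\n" + b64 + "-----END RSA PRIVATE KEY-----\n"
```

Calling audit_key() on the text of a key file returns the modulus size and whether it meets MIN_BITS; the 512 and 1024 bit sizes used in the examples above both fall below that assumed minimum.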

Private key files - Splitting Certificates

For increased security there is the option of splitting the private key file between the Westermo
flash and a USB memory stick. Once a private key has been split and stored in 2 parts, the USB
memory stick must be present for any successful IKE negotiations that involve the private key. As
the USB memory only contains a part of the private key, it cannot be used in another unit.

The command to split a private key is:

privsplit <certificate filename>
