User`s manual

ManualsBrandsD-Link ManualsComputer equipmentDWL-8220AP - AirPremier Wireless Switch Dualband Access Point

261

262

263

264

265

266

267

268

269

270

262

DWS-1008 User’s Manual

D-Link Systems, Inc.

Managing Keys and Certicates

3. Unpack the PKCS #12 object le into the certicate and key storage area on the switch.

Use the following command:

crypto pkcs12 {eap} ﬁlename

The ﬁlename is the location of the le on the switch.

Creating a CSR and Installing a Certicate from a PKCS #7 Object File

After creating a public-private key pair, you can obtain a signed certicate of authenticity from

a CA by generating a Certicate Signing Request (CSR) from the switch. A CSR is a text

block with an encoded request for a signed certicate from the CA.

Note: Many certicate authorities have their own unique requirements. Follow the instructions

in the documentation for your CA to properly format the elds you complete when generating

a CSR.

1. To generate a request for a CA-signed certicate, use the following command:

crypto generate request {eap}

When prompted, enter values for each of six identication elds.

You must include a common name (string) when you generate a CSR. Use a fully qualied

name if such names are supported on your network. The other information is optional. For

example:

DWS-1008#dws-1008# crypto generate request admin

Country Name: US

State Name: MI

Locality Name: Detroit

Organizational Name: example

Organizational Unit: eng

Common Name: DWS-1008

Email Address: admin@example.com

Unstructured Name: south tower, wiring closet 125

When completed successfully, the command returns a Privacy-Enhanced Mail (PEM)

formatted PKCS #10 CSR. PEM encoding is a way of representing a non-ASCII le format

in ASCII characters. The encoded object is the PKCS #10 CSR. Give the CSR to a CA and

receive a signed certicate (a PEM-encoded PKCS #7 object le).

2. To install a certicate from a PKCS #7 le, use the following command to prepare the

switch to receive it:

crypto certicate {eap} PEM-formatted certiﬁcate

3. Use a text editor to open the PKCS #7 le, and copy and paste the entire text block,

including the beginning and ending delimiters, into the CLI.

Note: You must paste the entire block, from the beginning -----BEGIN CERTIFICATE

REQUEST----- to the end -----END CERTIFICATE REQUEST-----.