Specifications

About Keys and Certificates
16-4 Managing Keys and Certificates
information about this option, refer to Configuring RBT Switch to RBT Switch Security on page 75.)
EAP certificate—Used by the RoamAbout switch to authenticate itself to EAP clients.
WebAAA certificate—Used by the RoamAbout switch to authenticate itself to WebAAA clients, who use a web page served by a RoamAbout switch to log on to the network.
Certificate authority (CA) certificates—Used by the RoamAbout switch in addition to the certificates listed above, when those certificates are from the CA.
The Admin, EAP, and WebAAA certificates can be generated by the RoamAbout switch (self-signed) or generated and signed by a CA. If they are signed by a CA, the CA's own certificate is also required.
PKCS #7, PKCS #10, and PKCS #12 Object Files
Public-Key Cryptography Standards (PKCS) are encryption interface standards created by RSA Data Security, Inc., that provide a file format for transferring data and cryptographic information. Enterasys Networks supports the PKCS object files listed in Table 16-1.
Table 16-1 PKCS Object Files Supported by Enterasys
| File Type | Standard | Purpose |
|---|---|---|
| PKCS #7 | Cryptographic Message Syntax Standard | Contains a digital certificate signed by a CA. To install the certificate from a PKCS #7 file, use the crypto certificate command to prepare MSS to receive the certificate, then copy and paste the certificate into the CLI. A PKCS #7 file does not contain the public key to go with the certificate. Before you generate the CSR and install the certificate, you must generate the public-private key pair using the crypto generate key command. |
| PKCS #10 | Certification Request Syntax Standard | Contains a Certificate Signing Request (CSR), a special file with encoded information needed to request a digital certificate from a CA. To generate the request, use the crypto generate request command. Copy and paste the results directly into a browser window on the CA server, or into a file to send to the CA server. |
| PKCS #12 | Personal Information Exchange Syntax Standard | Contains a certificate signed by a CA and a public-private key pair provided by the CA to go with the certificate. Because the key pair comes from the CA, you do not need to generate a key pair or a certificate request on the switch. Instead, use the copy tftp command to copy the file onto the RoamAbout switch. Use the crypto otp command to enter the one-time password assigned to the file by the CA. (This password secures the file so that the keys and certificate cannot be installed by an unauthorized party. You must know the password in order to install them.) Use the crypto pkcs12 command to unpack the file. |
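
Before choosing one of the install paths in Table 16-1, it helps to confirm which of the three object types a file received from a CA really is. The following is an added example, not part of the Enterasys documentation: a structural check of the leading ASN.1 elements that validates no signature and no content. The function names and the sample bytes are constructed for illustration; the follow-up strings use only the commands named in Table 16-1.

```python
import base64
import re

SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
NEXT_STEP = {  # follow-up per type, using the commands named in Table 16-1
    "PKCS #7": "crypto certificate, then paste the certificate",
    "PKCS #10": "send the request to the CA",
    "PKCS #12": "copy tftp, crypto otp, crypto pkcs12",
}

def read_tlv(buf):
    """Return (tag, value) of the first DER element in buf."""
    tag, first = buf[0], buf[1]
    if first & 0x80:  # long form: low 7 bits give the number of length bytes
        n = first & 0x7F
        return tag, buf[2 + n:2 + n + int.from_bytes(buf[2:2 + n], "big")]
    return tag, buf[2:2 + first]

def to_der(data):  # strip PEM armor if present, otherwise treat as raw DER
    m = re.search(rb"-----BEGIN ([A-Z0-9 ]+)-----(.+?)-----END \1-----", data, re.S)
    return base64.b64decode(m.group(2)) if m else data

def classify(data):
    """Heuristic check of the outer ASN.1 structure; validates nothing."""
    try:
        tag, body = read_tlv(to_der(data))
        if tag == 0x30:  # all three object types are an outer SEQUENCE
            tag, val = read_tlv(body)
            if tag == 0x06 and val == SIGNED_DATA_OID:
                return "PKCS #7"   # ContentInfo with contentType signedData
            if tag == 0x02 and val == b"\x03":
                return "PKCS #12"  # PFX starts with INTEGER version 3
            if tag == 0x30 and read_tlv(val) == (0x02, b"\x00"):
                return "PKCS #10"  # CertificationRequestInfo version 0
    except (IndexError, ValueError):  # truncated DER or bad base64
        pass
    return "unknown"

# Constructed skeletons: only the leading DER elements of each structure.
SAMPLES = {
    "p7.der": bytes.fromhex("300b06092a864886f70d010702"),
    "req.pem": b"-----BEGIN CERTIFICATE REQUEST-----\nMAUwAwIBAA==\n-----END CERTIFICATE REQUEST-----\n",
    "bundle.p12": bytes.fromhex("3003020103"),
    "notes.txt": b"not a PKCS object",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        kind = classify(blob)
        print(f"{name}: {kind} -> {NEXT_STEP.get(kind, 'do not install')}")
```

A file that classifies as unknown, or as a different type than the CA said it sent, should be queried with the CA before anything is pasted or unpacked on the switch.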