Creating Keys and Certificates
16-6 Managing Keys and Certificates
Choosing the Appropriate Certificate Installation Method for Your Network
Depending on your network environment, you can use any of the following methods to install certificates and their public-private key pairs. The methods differ in terms of simplicity and security. The simplest method is also the least secure, while the most secure method is slightly more complex to use.
• Self-signed certificate—The easiest method to use because a CA server is not required. The RoamAbout switch generates and signs the certificate itself. This method is the simplest but is also the least secure, because the certificate is not validated (signed) by a CA.
• PKCS #12 object file certificate—More secure than using self-signed certificates, but slightly less secure than using a Certificate Signing Request (CSR), because the private key is distributed in a file from the CA instead of generated by the RoamAbout switch itself. The PKCS #12 object file is more complex to deal with than self-signed certificates. However, you can use RoamAbout Switch Manager, Web View, or the CLI to distribute this certificate. The other two methods can be performed only using the CLI.
• Certificate Signing Request (CSR)—The most secure method, because the RoamAbout switch’s public and private keys are created on the RoamAbout switch itself, while the certificate comes from a trusted source (CA). This method requires generating the key pair, creating a CSR and sending it to the CA, cutting and pasting the certificate signed by the CA into the CLI, and then cutting and pasting the CA’s own certificate into the CLI.
Table 16-2 lists the steps required for each method and refers you to appropriate instructions. (For complete examples, see “Key and Certificate Configuration Scenarios” on page 16-11.)
Table 16-2 Procedures for Creating and Validating Certificates

Certificate Installation Method: Self-signed certificate
Steps Required:
1. Generate a public-private key pair on the RoamAbout switch.
2. Generate a self-signed certificate on the RoamAbout switch.
Instructions:
• “Creating Public-Private Key Pairs” on page 16-7
• “Generating Self-Signed Certificates” on page 16-7

Certificate Installation Method: PKCS #12 object file certificate
Steps Required:
1. Copy a PKCS #12 object file (public-private key pair, server certificate, and CA certificate) from a CA onto the RoamAbout switch.
2. Enter the one-time password to unlock the file.
3. Unpack the file into the switch’s certificate and key store.
Instructions:
• “Installing a Key Pair and Certificate from a PKCS #12 Object File” on page 16-8

Certificate Installation Method: Certificate Signing Request (CSR) certificate
Steps Required:
1. Generate a public-private key pair on the RoamAbout switch.
2. Generate a CSR on the switch as a PKCS #10 object file.
3. Give the CSR to a CA and receive a signed certificate (a PEM-encoded PKCS #7 object file).
4. Paste the PEM-encoded file into the CLI to store the certificate on the RoamAbout switch.
5. Obtain and install the CA’s own certificate.
Instructions:
• “Creating Public-Private Key Pairs” on page 16-7
• “Creating a CSR and Installing a Certificate from a PKCS #7 Object File” on page 16-9
• “Installing a CA’s Own Certificate” on page 16-10
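
The security ranking of the three methods and the steps in Table 16-2 can be checked on a workstation. The following is an added example, not taken from the RoamAbout documentation: it shows that a self-signed certificate does not verify against a CA, that a PKCS #10 CSR carries no private key, and that a PKCS #12 file does. It assumes OpenSSL instead of the switch CLI, and every file name, subject name and the password is a constructed sample value.

```shell
# Added illustration: OpenSSL on a workstation, not the RoamAbout CLI.
# Subjects, file names and the password are constructed sample values.

# Create the artifacts each installation method handles, in directory $1.
make_artifacts() {
    d=$1
    # Self-signed method: the device signs its own certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=switch.example" \
        -keyout "$d/self.key" -out "$d/self.pem" 2>/dev/null || return 1
    # Stand-in for the trusted CA (itself a self-signed root).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    # CSR method: key pair and PKCS #10 request are created on the device...
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=switch.example" \
        -keyout "$d/switch.key" -out "$d/switch.csr" 2>/dev/null || return 1
    # ...and only the request travels to the CA, which returns a signed cert.
    openssl x509 -req -in "$d/switch.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/switch.pem" 2>/dev/null || return 1
    # PKCS #12 method: key pair and certificates travel together in one file.
    openssl pkcs12 -export -inkey "$d/switch.key" -in "$d/switch.pem" \
        -certfile "$d/ca.pem" -passout pass:one-time-pw -out "$d/switch.p12"
}

# True if certificate $1 verifies against CA certificate $2.
signed_by() { openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; }

# True if the subject and issuer of certificate $1 are identical.
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')" = \
      "$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')" ]
}

# True if PEM file $1 contains private key material.
pem_has_private_key() { grep -q "PRIVATE KEY" "$1"; }

# True if PKCS #12 file $1, unlocked with password $2, yields a private key.
p12_has_private_key() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nodes -nocerts 2>/dev/null |
        grep -q "PRIVATE KEY"
}

# True if certificate $1 carries the public key of private key $2.
cert_matches_key() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout)" ]
}
```

To try it, run `make_artifacts "$(mktemp -d)"` and call the predicates on the files it creates; `cert_matches_key` is the check to make before installing a certificate returned by a CA.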