Configuring the Certificate Record

The certificate record configuration represents either the end-entity or the Certificate Authority (CA) certificate on the Net-Net ESD. If it is used to present an end-entity certificate, a private key should be associated with this certificate record configuration using the ACLI security certificate request command.

No private key should be associated with the certificate record configuration if it was issued to hold a CA certificate. A certificate can be imported to a certificate record configuration using the ACLI security certificate import command.

Note:

There is no need to create a certificate record when importing a CA certificate or certificate in pkcs12 format.

To configure a certificate:

  1. In Superuser mode, type configure terminal and press Enter.
    ACMEPACKET# configure terminal
  2. Type security and press Enter to access the security-related objects.
    ACMEPACKET(configure)# security
  3. Type certificate-record and press Enter to access the certificate record parameters.
    ACMEPACKET(security)# certificate-record
    ACMEPACKET(certificate-record)#

    name—Enter the name of the certificate record. This is a key field, and you must enter a value for it. For example, acmepacket.

    country—Enter the name of the country. The default is US.

    state—Enter the name of the state for the country. The default is MA.

    locality—Enter the name of the locality for the state. The default is Burlington.

    organization—Enter the name of the organization holding the certificate. The default is Engineering.

    unit—Enter the name of the unit holding the certificate within the organization.

    common-name—Enter the common name for the certificate record.

    key-size—Enter the size of the key for the certificate. Use the default of 1024, or change it to one of the other supported values: 512, 2048, or 4096.

    alternate-name—Enter the alternate name of the certificate holder.

    key-usage-list—Enter the usage extensions you want to use with this certificate record. This parameter can be configured with multiple values, and it defaults to the combination of digitalSignature and keyEncipherment. For a list of possible values and their descriptions, see the section Key Usage Control in this guide.

    extended-key-usage-list—Enter the extended key usage extensions you want to use with this certificate record. The default is serverAuth. For a list of possible values and their descriptions, see the section Key Usage Control in this guide.

  4. Enter done to save the certificate-record configuration.
    ACMEPACKET(certificate-record)# done
  5. Enter exit to exit the certificate-record configuration.
    ACMEPACKET(certificate-record)# exit
  6. Enter y at the prompt to save the configuration.
    Save Changes [y|n]?: y
  7. Enter exit to exit the security configuration.
    ACMEPACKET(security)# exit
  8. Enter exit to exit the configure mode.
    ACMEPACKET(configure)# exit
  9. Enter save-config to save the configuration.
    ACMEPACKET# save-config
  10. Enter activate-config to activate as the current configuration.
    ACMEPACKET# activate-config

    Note:

    For verifying a certificate record, see the Security section of the Net-Net ACLI Configuration Guide for your Net-Net ESD model.
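
A check to run over the saved configuration after the procedure above, added here as an example and not taken from the Net-Net documentation: it parses certificate-record blocks and flags key sizes under 2048 bits and records whose subject fields still hold the defaults listed in the parameter descriptions. The dump layout, the 2048-bit minimum, the sample values, and the function names are assumptions of this example.

```python
# Defaults listed in the parameter descriptions above.
PAGE_DEFAULTS = {"country": "US", "state": "MA",
                 "locality": "Burlington", "organization": "Engineering"}
MIN_KEY_SIZE = 2048  # assumed policy minimum, not a value from the guide

# Constructed sample; the "parameter  value" layout is an assumption.
SAMPLE = """\
certificate-record
    name            acmepacket
    country         US
    state           MA
    locality        Burlington
    organization    Engineering
    common-name     sbc.example.com
    key-size        1024
certificate-record
    name            sip-tls
    country         US
    state           CA
    locality        Redwood City
    organization    Example Corp
    common-name     sip.example.com
    key-size        2048
"""

def parse_records(text):
    """Split the dump into one dict per certificate-record block."""
    records = []
    for line in text.splitlines():
        if line.strip() == "certificate-record":
            records.append({})
        elif records and line.strip():
            key, _, value = line.strip().partition(" ")
            records[-1][key] = value.strip()
    return records

def audit(records):
    """Return {record name: [findings]} for records that need attention."""
    report = {}
    for rec in records:
        findings = []
        size = rec.get("key-size", "")
        if not size.isdigit() or int(size) < MIN_KEY_SIZE:
            findings.append(f"key-size {size or 'unset'} below {MIN_KEY_SIZE}")
        if all(rec.get(k) == v for k, v in PAGE_DEFAULTS.items()):
            findings.append("subject fields all left at defaults")
        if findings:
            report[rec.get("name", "<unnamed>")] = findings
    return report
```

Calling audit(parse_records(SAMPLE)) reports only the acmepacket record, which keeps both the 1024-bit default key size and the default subject fields.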