User's Manual 100 Document #: LTRT-68822
Mediant 2000
9.5 Self-Signed Certificates
The device is shipped with an operational, self-signed server certificate. The subject name
for this default certificate is 'ACL_nnnnnnn', where nnnnnnn denotes the serial number of
the device. However, this subject name may not be appropriate for production and can be
changed while still using self-signed certificates.
To change the subject name and regenerate the self-signed certificate:
1. Before you begin, ensure the following:
• You have a unique DNS name for the device (e.g.,
dns_name.corp.customer.com). This name is used to access the device and
should therefore be listed in the server certificate.
• No traffic is running on the device. The certificate generation process is disruptive
to traffic and should be executed during maintenance time.
2. Open the Certificates page (see 'Replacing the Device's Certificate' on page 95).
3. In the 'Subject Name [CN]' field, enter the fully-qualified DNS name (FQDN) as the
certificate subject, select the desired private key size (in bits), and then click Generate
self-signed; after a few seconds, a message appears displaying the new subject
name.
4. Save the configuration with a device reset (see 'Saving Configuration' on page 396)
for the new certificate to take effect.
9.6 Loading Certificate Chain for Trusted Root
A certificate chain is a sequence of certificates where each certificate in the chain is signed
by the subsequent certificate. The last certificate in the list of certificates is the Root CA
certificate, which is self-signed. The purpose of a certificate chain is to establish a chain of
trust from a child certificate to the trusted root CA certificate. The CA vouches for the
identity of the child certificate by signing it. A client certificate is considered trusted if one of
the CA certificates up the certificate chain is found in the server certificate directory.
Figure 9-5: Certificate Chain Hierarchy
For the device to trust a whole chain of certificates, you need to combine the certificates
into one text file (using a text editor). Once done, upload the file using the 'Trusted Root
Certificate Store' field in the Certificates page.
Notes: The maximum supported size of the combined file of trusted chain of
certificates is 100,000 bytes (including the certificate's headers).
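One way to assemble and pre-check the combined file before uploading it, as an added example that is not part of this manual. It assumes the certificates are PEM-encoded text (the '-----BEGIN CERTIFICATE-----' headers); the function names are hypothetical and the sample certificates are constructed filler, not real certificates.

```python
import base64
import re

MAX_BUNDLE_BYTES = 100_000  # limit from the manual, certificate headers included
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def pem_certificates(text):
    """Return the certificate blocks in `text`, normalized to 64-column PEM."""
    certs = []
    for label, body in PEM_BLOCK.findall(text):
        if label != "CERTIFICATE":  # e.g. a private key pasted in by mistake
            raise ValueError(f"refusing to bundle a {label} block")
        der = base64.b64decode("".join(body.split()), validate=True)
        if not der.startswith(b"\x30"):  # a certificate is an ASN.1 SEQUENCE
            raise ValueError("block does not decode to a DER SEQUENCE")
        b64 = base64.b64encode(der).decode()
        lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
        certs.append("\n".join(
            ["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----"]))
    return certs


def build_bundle(pem_texts):
    """Combine PEM texts, given in chain order with the root CA last."""
    seen, ordered = set(), []
    for text in pem_texts:
        for cert in pem_certificates(text):
            if cert not in seen:  # drop exact duplicates, keep first position
                seen.add(cert)
                ordered.append(cert)
    if not ordered:
        raise ValueError("no certificates found")
    bundle = ("\n".join(ordered) + "\n").encode("ascii")
    if len(bundle) > MAX_BUNDLE_BYTES:
        raise ValueError(f"bundle is {len(bundle)} bytes, limit is {MAX_BUNDLE_BYTES}")
    return bundle


def fake_pem(label, payload):
    # Constructed sample data: DER-shaped filler, NOT a real certificate.
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"


if __name__ == "__main__":
    inter = fake_pem("CERTIFICATE", b"\x30\x03intermediate")
    root = fake_pem("CERTIFICATE", b"\x30\x03root")
    print(build_bundle([inter, root]).decode())
```

The check is structural only: it does not verify signatures or that the certificates actually chain to one another.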