mirror of
https://github.com/Fohdeesha/lab-docu.git
synced 2024-11-28 11:05:13 +01:00
clean up https cert info
parent
6a465bba6f
commit
3c4619b81d
@ -36,9 +36,9 @@ Once you get an `ssl-certificate creation is successful` message in the consol
|
||||
??? info
|
||||
If you want to use your own certificate that is also possible. It's important to remember that the switch [doesn't support PKCS #8](https://community.ruckuswireless.com/t5/Switches/Can-t-import-SSL-certificates-quot-Could-not-parse-the-PEM/m-p/18554/highlight/true#M686) and this isn't actually [documented anywhere](https://docs.ruckuswireless.com/fastiron/08.0.60/fastiron-08060-securityguide/GUID-E83AC70A-9F89-4209-B6C4-ED5725D4F487.html). You must create certificates using the PKCS #1 format. If you try to use PKCS #8 (the default for openssl), you'll get certificate parsing errors.
|
||||
|
||||
The ICX6610 again doesn't support keys larger than 2048 bits. This example assumes you want to create your own CA and sign with it.
|
||||
The ICX6xxx series doesn't support keys larger than 2048 bits. This example assumes you want to create your own CA and sign with it.
|
||||
|
||||
1. Create new Root CA
|
||||
Create a new Root CA:
|
||||
```
|
||||
pass='{{ pass }}' \
|
||||
name='{{ name }}' \
|
||||
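Review bot: The reworded key-size line widens the limit from "The ICX6610" to "The ICX6xxx series", so the claim now covers every model in that family; please confirm the 2048-bit ceiling holds for all of them, or list the models it was checked on. Separately, the Root CA command sets the passphrase inline with `pass='{{ pass }}' \`, which leaves it in the shell history of anyone who pastes it; a short note suggesting it be read from a prompt or a file would help.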
@ -55,12 +55,12 @@ Once you get an `ssl-certificate creation is successful` message in the consol
|
||||
-days 3650
|
||||
```
|
||||
|
||||
2. Generate key in PKCS#1 format. Use the `-traditional`, see [openssl-genrsa](https://www.openssl.org/docs/manmaster/man1/openssl-genrsa.html) for more details.
|
||||
Generate a key in PKCS #1 format using the `-traditional` flag (see [openssl-genrsa](https://www.openssl.org/docs/manmaster/man1/openssl-genrsa.html) for more details):
|
||||
```
|
||||
openssl genrsa -traditional -out keyfile 2048
|
||||
```
|
||||
|
||||
3. Create certificate sign request
|
||||
Create the certificate signing request:
|
||||
```
|
||||
name='{{ name }}' \
|
||||
C='{{ country }}' \
|
||||
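Review bot: The key generation step (`openssl genrsa -traditional -out keyfile 2048`) gives the reader no way to confirm the output really is PKCS #1, even though the info block says a PKCS #8 key fails on the switch with parsing errors. Suggest adding one line telling the reader to check that `keyfile` begins with `-----BEGIN RSA PRIVATE KEY-----` rather than `-----BEGIN PRIVATE KEY-----` before uploading it. The link also targets the `manmaster` page, which follows the development branch; a versioned man page would not drift from what the reader has installed.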
@ -76,7 +76,7 @@ Once you get an `ssl-certificate creation is successful` message in the consol
|
||||
-config <(cat /etc/ssl/openssl.cnf ; printf "[SAN]\nsubjectAltName=DNS:%s" "sw1.home.arpa")
|
||||
```
|
||||
|
||||
4. Sign certificate request
|
||||
Sign the certificate request:
|
||||
```
|
||||
name='{{ name }}' \
|
||||
openssl x509 \
|
||||
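Review bot: The `-config` line hard-codes the SAN as `sw1.home.arpa` while the other values in this command are filled in from `{{ name }}` and `{{ country }}`, so a reader who sets the variables but misses the literal ends up with a certificate whose subjectAltName does not match their switch. Suggest templating the SAN the same way, or calling the literal out in the step text. The `<( ... )` process substitution and the `/etc/ssl/openssl.cnf` path also assume bash and one particular distribution layout, which is worth stating.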
@ -93,13 +93,14 @@ Once you get an `ssl-certificate creation is successful` message in the consol
|
||||
-extfile <(cat /etc/ssl/openssl.cnf ; printf "[SAN]\nsubjectAltName=DNS:%s" "sw1.home.arpa")
|
||||
```
|
||||
|
||||
5. Install your own certificate via tftp
|
||||
Install your custom certificate on the switch via TFTP:
|
||||
```
|
||||
ip ssl cert-key-size 2048
|
||||
ip ssl certificate-data-file tftp 192.168.1.51 certfile
|
||||
ip ssl private-key-file tftp 192.168.1.51 keyfile
|
||||
web-management https
|
||||
```
|
||||
That's it! the web UI should now use your cert when loaded via HTTPS
|
||||
|
||||
You should enable authentication for telnet access:
|
||||
```
|
||||
|
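Review bot: The install step fetches the key with `ip ssl private-key-file tftp 192.168.1.51 keyfile`, and TFTP has neither authentication nor encryption, so the private key crosses the network and sits on the TFTP server in the clear. Suggest a sentence telling the reader to do the transfer on a trusted management segment and to delete `keyfile` from the TFTP root afterwards. The `-extfile` line repeats the hard-coded `sw1.home.arpa`, which has to match the value used in the signing request. Minor: "That's it! the web UI ..." should start with a capital letter and end with a period.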
@ -2,7 +2,6 @@
|
||||
|
||||
{% block announce %}
|
||||
<center>
|
||||
<font color="white">
|
||||
<a href="https://github.com/Fohdeesha/lab-docu/commits/master" target="_blank">Docu Version: v4.1 (08-06-2022)</a>
|
||||
-
|
||||
<a href="https://github.com/Fohdeesha/lab-docu" target="_blank">Sources, Suggest, Contribute</a>
|
||||
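Review bot: The announce-bar links use `target="_blank"` with no `rel` attribute; suggest adding `rel="noopener noreferrer"` to each so the opened page gets no `window.opener` handle in older browsers. `<center>` and `<font color="white">` are obsolete elements, and a CSS class on the block would do the same job.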
@ -10,7 +9,6 @@
|
||||
<a href="mailto:jon@fohdeesha.com?subject=Lab Docu">Contact</a>
|
||||
-
|
||||
<a href="https://www.paypal.com/donate?hosted_button_id=4ULUCCKQ2TAEQ" target="_blank">Donate</a>
|
||||
</font>
|
||||
</center>
|
||||
|
||||
{% endblock %}
|
||||
|
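Review bot: The Contact link `mailto:jon@fohdeesha.com?subject=Lab Docu` has an unencoded space in its query part; suggest `subject=Lab%20Docu` so mail clients parse the subject consistently.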