admonition attempt v1

docs/icx6xxx-adv.md

@@ -33,15 +33,16 @@ web-management https
 
 Once you get an  `ssl-certificate creation is successful`  message in the console, you'll be able to access the web UI via  `https`.
 
-If you want to use your own certificate that is also possible. It's important to remember that the switch [doesn't support PKCS #8](https://community.ruckuswireless.com/t5/Switches/Can-t-import-SSL-certificates-quot-Could-not-parse-the-PEM/m-p/18554/highlight/true#M686) and this isn't actually [documented anywhere](https://docs.ruckuswireless.com/fastiron/08.0.60/fastiron-08060-securityguide/GUID-E83AC70A-9F89-4209-B6C4-ED5725D4F487.html). You must create certificates using the PKCS #1 format. If you try to use PKCS #8 (the default for openssl), you'll get certificate parsing errors.
+??? info
+    If you want to use your own certificate that is also possible. It's important to remember that the switch [doesn't support PKCS #8](https://community.ruckuswireless.com/t5/Switches/Can-t-import-SSL-certificates-quot-Could-not-parse-the-PEM/m-p/18554/highlight/true#M686) and this isn't actually [documented anywhere](https://docs.ruckuswireless.com/fastiron/08.0.60/fastiron-08060-securityguide/GUID-E83AC70A-9F89-4209-B6C4-ED5725D4F487.html). You must create certificates using the PKCS #1 format. If you try to use PKCS #8 (the default for openssl), you'll get certificate parsing errors.
 
-The ICX6610 again doesn't support keys larger than 2048 bits. This example assumes you want to create your own CA and sign with it.
+    The ICX6610 again doesn't support keys larger than 2048 bits. This example assumes you want to create your own CA and sign with it.
 
-1. Create new Root CA
+    1. Create new Root CA
-```
+    ```
-pass='{{ pass }}' \
+    pass='{{ pass }}' \
-name='{{ name }}' \
+    name='{{ name }}' \
-openssl req \
+    openssl req \
         -newkey rsa:4096 \
         -sha512 \
         -passin pass:"${pass}" \
@@ -52,19 +53,19 @@ openssl req \
         -out "$name"Root.crt \
         -subj "/CN="$name" Root CA" \
         -days 3650
-```
+    ```
 
-2. Generate key in PKCS#1 format. Use the `-traditional`, see [openssl-genrsa](https://www.openssl.org/docs/manmaster/man1/openssl-genrsa.html) for more details.
+    2. Generate key in PKCS#1 format. Use the `-traditional`, see [openssl-genrsa](https://www.openssl.org/docs/manmaster/man1/openssl-genrsa.html) for more details.
-```
+    ```
-openssl genrsa -traditional -out keyfile 2048
+    openssl genrsa -traditional -out keyfile 2048
-```
+    ```
 
-3. Create certificate sign request
+    3. Create certificate sign request
-```
+    ```
-name='{{ name }}' \
+    name='{{ name }}' \
-C='{{ country }}' \
+    C='{{ country }}' \
-ST='{{ state/province }}' \
+    ST='{{ state/province }}' \
-openssl req \
+    openssl req \
         -new \
         -sha512 \
         -key keyfile \
@@ -73,12 +74,12 @@ openssl req \
         -reqexts SAN \
         -extensions SAN \
         -config <(cat /etc/ssl/openssl.cnf ; printf "[SAN]\nsubjectAltName=DNS:%s" "sw1.home.arpa")
-```
+    ```
 
-4. Sign certificate request
+    4. Sign certificate request
-```
+    ```
-name='{{ name }}' \
+    name='{{ name }}' \
-openssl x509 \
+    openssl x509 \
         -req \
         -in certsignreq.csr \
         -CA "$name"Root.crt \
@@ -90,15 +91,15 @@ openssl x509 \
         -extensions v3_ext \
         -extensions SAN \
         -extfile <(cat /etc/ssl/openssl.cnf ; printf "[SAN]\nsubjectAltName=DNS:%s" "sw1.home.arpa")
-```
+    ```
 
-5. Install your own certificate via tftp
+    5. Install your own certificate via tftp
-```
+    ```
-ip ssl cert-key-size 2048
+    ip ssl cert-key-size 2048
-ip ssl certificate-data-file tftp 192.168.1.51 certfile
+    ip ssl certificate-data-file tftp 192.168.1.51 certfile
-ip ssl private-key-file tftp 192.168.1.51 keyfile
+    ip ssl private-key-file tftp 192.168.1.51 keyfile
-web-management https
+    web-management https
-```
+    ```
 
 You should enable authentication for telnet access:
 ```