Before generating a certificate, make sure the time and date on the ExtremeCloud IQ clock are accurate. Otherwise, the certificate might be
rejected during validation because the starting date has not occurred or the
expiration date has passed.
Use this task to generate your own Certificate Authority (CA).
-
Select the add icon.
-
Enter a descriptive name or the
domain name of the ExtremeCloud IQ appliance or Virtual IQ that you
are going to use to sign server certificates.
This name will later be used to
verify server certificates to authenticate participants in AAA exchanges.
Examples: SophiaCA, HiltonCA, Extreme NetworksCA.
-
Enter the name of the ExtremeCloud IQ organization.
Examples: Sophia University,
Hilton Hotel, Extreme Networks.
-
Enter the name of the ExtremeCloud IQ division.
Examples: Marketing,
Engineering, Sales.
-
Enter the ExtremeCloud IQ location.
-
Enter the ExtremeCloud IQ State or Province.
-
Enter the ExtremeCloud IQ two-character country code.
-
Enter an optional contact email address.
-
Enter the number of days the CA
will be valid.
A CA is typically valid for a
much longer period than the server certificates it signs.
-
Choose a key size for the key pair: 512, 1024, or 2048 bytes.
The encryption produced by the
smallest key size (512 bytes) can be cracked with relatively common tools and is
not generally recommended. However, it might be needed if the devices on which
the CA must be loaded do not support larger key sizes. Keys of 1024 or 2048
bytes provide far stronger encryption, but require greater processing
power.
-
Enter the corresponding password
for encrypting and decrypting the private key linked to the public key in the
CA.
-
Select Save.
ExtremeCloud IQ
saves the CA with the file name Default_CA.pem
and the accompanying private key as Default_key.pem.
