Before you begin
Before generating a certificate, make sure the time and date on the ExtremeCloud IQ
clock are accurate. Otherwise, the certificate might be rejected during validation
because the starting date has not occurred or the expiration date has passed.
About this task
Use this task to generate your own Certificate Authority (CA).
Procedure
-
Select the add icon.
-
Enter a descriptive name or the
domain name of the ExtremeCloud IQ appliance or Virtual IQ that you are going to
use to sign server certificates.
This name will later be used to
verify server certificates to authenticate participants in AAA exchanges.
Examples: SophiaCA, HiltonCA, Extreme NetworksCA.
-
Enter the name of the
ExtremeCloud IQ organization.
Examples: Sophia University,
Hilton Hotel, Extreme Networks.
-
Enter the name of the
ExtremeCloud IQ division.
Examples: Marketing,
Engineering, Sales.
-
Enter the ExtremeCloud IQ
location.
-
Enter the ExtremeCloud IQ State
or Province.
-
Enter the ExtremeCloud IQ
two-character country code.
-
Enter an optional contact email address.
-
Enter the number of days the CA
will be valid.
A CA is typically valid for a
much longer period than the server certificates it signs.
-
Choose a key size for the key pair: 512, 1024, or 2048 bytes.
The encryption produced by the
smallest key size (512 bytes) can be cracked with relatively common tools and is
not generally recommended. However, it might be needed if the devices on which
the CA must be loaded do not support larger key sizes. Keys of 1024 or 2048
bytes provide far stronger encryption, but require greater processing
power.
-
Enter the corresponding password
for encrypting and decrypting the private key linked to the public key in the
CA.
-
Select Save.
ExtremeCloud IQ saves the CA
with the file name Default_CA.pem and the accompanying private key as
Default_key.pem.
