Creating Self-Signed Certificates and Private Keys

When you generate a certificate, the certificate is stored in the configuration file, and the private key is stored in the EEPROM. The generated certificate is in PEM format. By default, ExtremeXOS uses the SHA-512 hashing algorithm to create the certificate. To configure the certificate hashing algorithm, use the command configure ssl certificate hash-algorithm hash-algorithm. ExtremeXOS supports MD5, SHA-224, SHA-256, SHA-384, and SHA-512. The configured algorithm is used for certificates created from then on. Use the show ssl command to check the currently configured signature hashing algorithm.

To create a self-signed certificate and private key that can be saved in the EEPROM, use the following command:
configure ssl certificate privkeylen length country code organization org_name common-name name
Make sure to specify the following:
  • Country code (maximum size of 2 characters)
  • Organization name (maximum size of 64 characters)
  • Common name (maximum size of 64 characters)

Any existing certificate and private key are overwritten.

The size of the certificate depends on the RSA key length (privkeylen) and the length of the other parameters (country, organization name, and so forth) supplied by the user. For an RSA key length of 4,096, the certificate length is approximately 2 Kb, and the private key length is approximately 3 Kb.