Creating Self-Signed Certificates and Private Keys
When you generate a certificate, the certificate is stored in the configuration file, and the private key is stored in the EEPROM. The certificate generated is in PEM format. By default ExtremeXOS uses the SHA-512 hashing algorithm to create the certificate. The certificate hashing algorithm can be configured using command configure ssl certificate hash-algorithm hash-algorithm. ExtremeXOS supports MD5, SHA-224, SHA-256, SHA-384 and SHA-512. The configured algorithm are used to create certificates from next time onwards. Use the show ssl command to check the currently configured Signature hashing algorithm.
- Country code (maximum size of 2 characters)
- Organization name (maximum size of 64 characters)
- Common name (maximum size of 64)
Any existing certificate and private key is overwritten.
The size of the certificate depends on the RSA key length (privkeylen) and the length of the other parameters (country, organization name, and so forth) supplied by the user. For an RSA key length of 4,096, the certificate length is approximately 2 Kb, and the private key length is approximately 3 Kb.