Use this command to generate a certificate signing request and private key for the named topology. The gen-certreq command is available from the topology:<named-topology>:l3 context of the CLI.
cn | Common name that you want to assign to the controller interfaces. This is a mandatory parameter. If the common name is an IPv6 address, a [] is needed around the IPv6 address (see example, below). |
location | Keyword indicating that the next three parameters specify the location where the controller is operating. |
country | The name of the country where the controller is located. You must use the two-letter ISO abbreviation for the country. |
state | The name of the state or province where the controller is located. |
city | The name of the city where the controller is located. |
organization | Keyword indicating that the next two parameters specify the name of the organization to which the controller belongs. |
name | Organization name. |
unit | Organization unit name. |
Key word that identifies the following parameter as an email address. | |
email_addr | Email address. |
ipv6 | Specifies that the certificate supports IPv6 addressing. |
key-size | Specifies that the certificate supports key size. Valid key size values are 1024 or 2048. |
If a DNS name is used as the common name, a DNS lookup is performed. If the DNS name is not found, a warning is displayed.
Once the CSR file has been created, you can copy it to an FTP or SCP server using the command copy-csr. You can apply the certificate with the command cert.
The following example shows a certificate request with a common name that is an IPv6 address: EWC.extremenetworks.com:ap:topology:Seg1_Routed:l3# gen_certreq [fd66:2280:2668::12] location CA Ontario Mississauga organization mnj_Ware_House Service email me@email.com ipv6 key-size 2048