Generating a key pair and CSR on Nortel SSL products: (common to NAS2424-SSL, NVG, NAA and NSNAS)

* For configuration details, refer to the manual for each product.

Example: procedure for creating a certificate with host name www.nortel-japan.com in Cert 1

>> Configuration# /cfg/cert 1
>> Certificate 1# request
The combined length of the following parameters may not exceed 225 bytes.
Country Name (2 letter code): JP
State or Province Name (full name): Tokyo
Locality Name (eg, city): Shinagawa
Organization Name (eg, company): Nortel Networks Japan
Organizational Unit Name (eg, section): Enterprise
Common Name (eg, your name or your server's hostname): www.nortel-japan.com
Email Address: 1234567890@nortel.com
Subject alternative name (blank or comma separated list of URI:, DNS:, IP:, email:):
Key size (512/1024/2048/4096) [1024]: 1024
Request a CA certificate (y/n) [n]: y
Specify challenge password (y/n) [n]:
-----BEGIN CERTIFICATE REQUEST-----
xxxzCCAfcCAQAwgaoxCzAJBgNVBAYTAkpQMQ4wDAYDVQQIEwVUb2t5bzESMBAG
A1UEBxMJU2hpbmFnYXdhMR4wHAYDVQQKExVOb3J0ZWwgTmV0d29ya3MgSmFwYW4x
<omitted>
qvVSf1j+pr307pk3qfgJzOvLU0N2FjAVYrRqYSqWWbsy+OjlbTCqdrdP8jOO/CFv
AewM9L+G9UnfD7USu3EdnqOZgw==
-----END CERTIFICATE REQUEST-----
Use 'apply' to store the private key in the iSD until the signed certificate is entered.
The private key will be lost unless you 'apply' or save it elsewhere using 'export'.
>> Certificate 1# apply
Changes applied successfully.

Installing the certificate on Nortel SSL products: (common to NAS2424-SSL, NVG, NAA and NSNAS)

* For configuration details, refer to the manual for each product.

>> Configuration# /cfg/cert 1
>> Certificate 1# cert
Paste the certificate, press Enter to create a new line, and then type "..." (without the quotation marks) to terminate.
> -----BEGIN CERTIFICATE-----
> MIIEDDCCAvSgAwIBAgIIRh5pC7EI0XEwDQYJKoZIhvcNAQEFBQAwXzELMAkGA1UE
> BhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xKTAn
> BgNVBAMTIFNFQ09NIFBhc3Nwb3J0IGZvciBXZWIgU1IgMi4wIENBMB4XDTA4MDQw
<omitted>
> um9yryiqISPtGENys/sBhG/Tr7rstZcVngV6P5wF8+wQweNJWtc8H/aKUejLPpPS
> N3l9Os9C0PpMhN4PxxxxBCFDq9/eMvwTe8o26axVTUyqUox48N4iYGfCMMCoxRTa
> 3iHwiGqkwSfRXC1TILtAZR6mLmPGMR2898ybPhqN2bs=
> -----END CERTIFICATE-----
> ...
------------------------------------------------------------
[Certificate 1 Menu]
      name      - Set certificate name
      cert      - Set certificate
      key       - Set private key
      revoke    - Revocation menu
      gensigned - Generate signed client/server certificate
      request   - Generate certificate request
      sign      - Sign a certificate request
      test      - Generate test certificate and key
      import    - Import key and certificate with TFTP/FTP/SCP/SFTP
      export    - Export certificate and key with TFTP/FTP/SCP/SFTP
      display   - Display certificate and key
      show      - Show certificate information
      info      - Show certificate short information
      subject   - Show certificate subject information
      validate  - Check if key and certificate match
      keysize   - Show key size
      keyinfo   - Show how key is stored
      del       - Remove certificate

Certificate added.
Validate: key and certificate match.
>> Certificate 1# apply
Changes applied successfully.

Installing an intermediate certificate on Nortel SSL products: (common to NAS2424-SSL, NVG, NAA and NSNAS)

* For configuration details, refer to the manual for each product.

Building a chain from Cert 1 and the intermediate certificate Cert 2

1. Install the intermediate certificate SECOM Passport for Web SR 2.0 CA in Cert 2

>> Certificate 2# cert
Paste the certificate, press Enter to create a new line, and then type "..." (without the quotation marks) to terminate.
> -----BEGIN CERTIFICATE-----
> <omitted>
> -----END CERTIFICATE-----
> ...
------------------------------------------------------------
[Certificate 2 Menu]
      name      - Set certificate name
      cert      - Set certificate
      key       - Set private key
      revoke    - Revocation menu
      gensigned - Generate signed client/server certificate
      request   - Generate certificate request
      sign      - Sign a certificate request
      test      - Generate test certificate and key
      import    - Import key and certificate with TFTP/FTP/SCP/SFTP
      export    - Export certificate and key with TFTP/FTP/SCP/SFTP
      display   - Display certificate and key
      show      - Show certificate information
      info      - Show certificate short information
      subject   - Show certificate subject information
      validate  - Check if key and certificate match
      keysize   - Show key size
      keyinfo   - Show how key is stored
      del       - Remove certificate

Certificate added.
Validate: key or certificate not defined.
>> Certificate 2# apply
Changes applied successfully.

2. Set Cert 2 as the CA chain (cachain) for Cert 1

>> SSL Settings# .
------------------------------------------------------------
[SSL Settings Menu]
      cert      - Set server certificate
      cachesize - Set SSL cache size
      cachettl  - Set SSL cache timeout
      cacerts   - Set list of accepted signers of client certificates
      cachain   - Set list of CA chain certificates
      protocol  - Set protocol version
      verify    - Set certificate verification level
      verifylog - Set syslog detail for client certificate
      ciphers   - Set cipher list
      ena       - Enable SSL
      dis       - Disable SSL

>> SSL Settings# cachain
Current value: ""
Enter certificate numbers (separated by comma): 2
>> SSL Settings# apply
Changes applied successfully.
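
An off-box illustration of the two checks this procedure relies on, added here as an example (it is not from the original page or from Nortel documentation): the key/certificate match reported by "validate", and why the intermediate has to be sent as a cachain entry. It assumes the openssl CLI (1.1.1 or later) is installed; the throwaway root, intermediate and server certificates, their subject names and all file names are constructed for the demo.

```shell
#!/bin/sh
# Added example: constructed root -> intermediate -> server chain (all names hypothetical).
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
printf 'basicConstraints=critical,CA:TRUE\n' > "$work/ca.ext"

new_csr() {  # new_csr NAME SUBJECT: fresh 2048-bit RSA key plus CSR
  openssl req -new -newkey rsa:2048 -nodes -subj "$2" \
    -keyout "$work/$1.key" -out "$work/$1.csr" 2>/dev/null
}
new_csr root "/CN=Demo Root CA"          # stands in for the root clients already trust
new_csr int  "/CN=Demo Intermediate CA"  # plays the role of Cert 2
new_csr leaf "/CN=www.example.test"      # plays the role of Cert 1
openssl x509 -req -in "$work/root.csr" -signkey "$work/root.key" -days 2 \
  -extfile "$work/ca.ext" -out "$work/root.pem" 2>/dev/null
openssl x509 -req -in "$work/int.csr" -CA "$work/root.pem" -CAkey "$work/root.key" \
  -CAcreateserial -days 2 -extfile "$work/ca.ext" -out "$work/int.pem" 2>/dev/null
openssl x509 -req -in "$work/leaf.csr" -CA "$work/int.pem" -CAkey "$work/int.key" \
  -CAcreateserial -days 2 -out "$work/leaf.pem" 2>/dev/null

# Same question as the menu's "validate": do this key and certificate belong together?
key_matches_cert() {  # key_matches_cert KEYFILE CERTFILE
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ "$k" = "$c" ]
}

# A client that trusts only the root, given the certificates the server sends.
client_accepts() {  # client_accepts LEAF [INTERMEDIATE_SENT_BY_SERVER]
  if [ $# -ge 2 ]; then
    openssl verify -CAfile "$work/root.pem" -untrusted "$2" "$1" >/dev/null 2>&1
  else
    openssl verify -CAfile "$work/root.pem" "$1" >/dev/null 2>&1
  fi
}

key_matches_cert "$work/leaf.key" "$work/leaf.pem" && echo "leaf key and cert match"
key_matches_cert "$work/int.key" "$work/leaf.pem" || echo "wrong key: mismatch"
client_accepts "$work/leaf.pem" || echo "leaf only: chain cannot be built"
client_accepts "$work/leaf.pem" "$work/int.pem" && echo "leaf + intermediate: verifies"
```

The same `openssl verify` call, run against the issued server certificate and the CA's intermediate before pasting them into Cert 1 and Cert 2, confirms that the intermediate is the one that actually issued the server certificate.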