User's Manual

797 | Management Access Dell Networking W-Series ArubaOS 6.4.x| User Guide
Parameter Description Range
CSR Type
Type of the CSR.
You can generate a certificate signing request either
with an Elliptic curve (EC) key, or with a Rivest-
Shamir-Aldeman (RSA) key.
ec/rsa
Curve name
Length of the private/public key for ECDSA. This is
applicable only if CSR Type is ec.
secp256r1/secp384r1
Key Length
Length of the private/public key for RSA.
This is applicable only if CSR Type is rsa.
1024/2048/4096
Common Name
Typically, this is the host and domain name, as in
www.yourcompany.com.
Country
Two-letter ISO country code for the country in which
your organization is located.
State/Province
State, province, region, or territory in which your
organization is located.
City
City in which your organization is located.
Organization
Name of your organization.
Unit
Optional field to distinguish a department or other
unit within your organization.
Email Address
Email address referenced in the CSR.
Table 164: CSR Parameters
3. Click Generate New.
4. Click View Current to display the generated CSR. Select and copy the CSR output between the BEGIN
CERTIFICATE REQUEST and END CERTIFICATE REQUEST lines, paste it into an email and send it to the CA of
your choice.
In the CLI
1. Run the following command:
crypto pki csr {rsa key_len <key_val> |{ec curve-name <key_val>} common_name <common_val>
country <country_val> state_or_province <state> city <city_val> organization <organization_
val> unit <unit_val> email <email_val>
2. Display the CSR output with the following command:
show crypto pki csr
3. Copy the CSR output between the BEGIN CERTIFICATE REQUEST and END CERTIFICATE REQUEST lines,
paste it into an email and send it to the CA of your choice.
Obtaining a Client Certificate
You can use the CSR generated on the controller to obtain a certificate for a client. However, since there may be
a large number of clients in a network, you typically obtain client certificates from a corporate CA server. For
example, in a browser window, enter http://<ipaddr>/crtserv, where <ipaddr> is the IP address of the CA
server.