Filter
Top Products
Chapter 34: PKI Certificates and SSL
402 Section IX: Management Security
If your network has a Domain Name System and you mapped a name to
the IP address of a switch, you can specify the switch’s name instead of
the IP address as the distinguished name.
For those switches that do not have an IP address, such as slave switches
of an enhanced stack, you could assign their certificates a distinguished
name using the IP address of the master switch of the enhanced stack.
There is a benefit to giving a certificate a distinguished name equivalent to
a switch’s IP address or domain name. This relates to what happens when
you start a web browser management session with a switch using SSL.
The web browser on your management station checks to see if the name
to whom the certificate was issued matches the name of the web site. In
the case of the AT-9400 Switch, the web site’s name is the switch’s IP
address or domain name or, in the case of an enhanced stack, the master
switch’s IP address. If the names do not match, the web browser displays
a security warning. Of course, even if you see the security warning, you
can close the warning prompt and still configure the switch using your web
browser.
Note
If the certificate will be issued by a private or public CA, you should
check with the CA to see if they have any rules or guidelines on
distinguished names for the certificates they issue.