Creating Keys and Certificates 419Creating Keys andCertificatesPublic-private key pairs and digital certificates are required formanagement access with 3Com Wireless Switch Manager or WebManager, or for network access by 802.1X or WebAAA users. The digitalcertificates can be self-signed or signed by a certificate authority (CA). Ifyou use certificates signed by a CA, you must also install a certificate fromthe CA to validate the digital signatures of the certificates installed on theWX switch.Generally, CA-generated certificates are valid for one year beginning withthe system time and date that are in effect when you generate thecertificate request. Self-signed certificates generated when running MSSVersion 4.2.3 or later are valid for three years, beginning one weekbefore the time and date on the switch when the certificate is generated.Each of the following types of access requires a separate key pair andcertificate: Admin—Administrative access through 3Com Wireless SwitchManager or Web Manager EAP—802.1X access for network users who can access SSIDsencrypted by WEP or WPA, and for users connected to wiredauthentication ports WebAAA—Web access for network users who can use a web page tolog onto an unencrypted SSIDManagement access to the CLI through Secure Shell (SSH) also requires akey pair, but does not use a certificate. (For more SSH information, see“Managing SSH” on page 113.)WX-WX security also requires a key pair and certificate. However, thecertificate is generated automatically when you enable WX-WX security.
