298 Managing certificates

The Nortel SNAS can support a maximum of 1500 certificates. However, only one server certificate can be mapped to a portal server at any one time. For information about mapping a certificate to the portal server, see “Configuring SSL settings” (page 102).

If you ran the quick setup wizard during initial setup, a test certificate has been installed and mapped to the Nortel SNAS portal.

You can install new certificates or import or renew existing certificates.

ATTENTION
The Nortel SNAS supports keys and certificates created by using Apache-SSL, OpenSSL, or Stronghold SSL. However, for greater security, Nortel recommends creating keys and generating certificate signing requests from within the Nortel SNAS system using the CLI or SREM. This way, the encrypted private key never leaves the Nortel SNAS and is invisible to the user.

Key and certificate formats

The Nortel SNAS supports importing, saving, and exporting private keys and certificates in a number of standard formats. Table 53 "Supported key and certificate formats" (page 298) summarizes the supported formats.

Table 53
Supported key and certificate formats

Format                       Import/Add  Export/Save  Comment
PEM*                         Yes         Yes          Encrypts the private key. Combines the private key and certificate in the same file.
DER                          Yes         Yes          Does not encrypt the private key. Allows you to store the private key and certificate in separate files.
NET                          Yes         Yes          Encrypts the private key. Allows you to store the private key and certificate in separate files.
PKCS12 (also known as PFX)   Yes         Yes          Encrypts the private key. Combines the private key and certificate in the same file. Most browsers allow importing a combined key and certificate file in the PKCS12 format.
PKCS7                        Yes         No           Certificate only.
PKCS8                        Yes         No           Key only (used in WebLogic).
MS IIS 4                     Yes         No           Key only (proprietary format).

ATTENTION
*You must use the PEM format when:
• you save keys and certificates by copying
• you add a key or certificate by pasting

Nortel Secure Network Access Switch
Using the Command Line Interface
NN47230-100 03.01 Standard
28 July 2008
Copyright © 2007, 2008 Nortel Networks.
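
Because PEM is the format required for copying and pasting, and a PEM key created outside the Nortel SNAS (for example with OpenSSL) is not necessarily encrypted, it is worth checking PEM text before it is pasted or stored. The following is an added example, not code from the Nortel documentation; the function names are hypothetical and the sample PEM bodies are constructed placeholders, not real keys.

```python
import re

# One PEM block: captures the label and everything between the BEGIN/END markers.
_PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def classify_pem(text):
    """Return [(label, status)] for every PEM block found in text."""
    findings = []
    for label, body in _PEM_BLOCK.findall(text):
        if label == "ENCRYPTED PRIVATE KEY":
            status = "encrypted key (PKCS#8)"
        elif label.endswith("PRIVATE KEY"):
            # Traditional OpenSSL keys mark encryption with a Proc-Type header.
            if "Proc-Type: 4,ENCRYPTED" in body:
                status = "encrypted key (traditional)"
            else:
                status = "CLEARTEXT key"
        elif label == "CERTIFICATE":
            status = "certificate"
        else:
            status = "other"
        findings.append((label, status))
    return findings

def safe_to_copy(text):
    """True only if PEM blocks are present and none is a cleartext private key."""
    findings = classify_pem(text)
    return bool(findings) and all(s != "CLEARTEXT key" for _, s in findings)

# Constructed sample input: the base64 body is a placeholder, not key material.
_BODY = "Q09OU1RSVUNURUQ="
SAMPLE_ENCRYPTED = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-256-CBC,00000000000000000000000000000000\n\n"
    + _BODY + "\n-----END RSA PRIVATE KEY-----\n"
    "-----BEGIN CERTIFICATE-----\n" + _BODY + "\n-----END CERTIFICATE-----\n")
SAMPLE_CLEAR = (
    "-----BEGIN RSA PRIVATE KEY-----\n" + _BODY
    + "\n-----END RSA PRIVATE KEY-----\n")
SAMPLE_PKCS8 = (
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + _BODY
    + "\n-----END ENCRYPTED PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name in ("SAMPLE_ENCRYPTED", "SAMPLE_CLEAR", "SAMPLE_PKCS8"):
        text = globals()[name]
        print(name, classify_pem(text), "safe:", safe_to_copy(text))
```

The check reads only the PEM labels and headers, so it never needs the passphrase and never decodes the key itself.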