Managing private keys and certificates 307Table 54CSR information (cont’d.)Prompt DescriptionSubject alternativename (blank or commaseparated list ofURI:, DNS:,IP:,email:):Specifies alternative information for thesubject if you did not provide a CommonName or e-mail address. The requiredinformation is a comma-separated list asfollows:• URI:, a Uniform ResourceIdentifier• DNS:, the fully qualifieddomain name• IP:• email:Generate new key pair(y/n) [y]:Specifies whether you want to generatea new pair of private and public keys.The default is y (yes).If you are creating a CSR for a newcertificate, accept the option to generatea new key pair.If a configured certificate is approachingits expiration date and you want torenew it without replacing the existingkey, specify n (no). The CSR willbe based on the existing key for thespecified certificate number.Key size [1024]: The length of the generated key, in bits.The default value is 1024.Request a CA certificate(y/n) [n]:Specifies whether to requesta CA certificate to use for clientauthentication. Request a CA certificateif you plan to issue your own servercertificates or client certificates,generating them from the requested CAcertificate. The default is n (no).Specify challengepassword (y/n) [n]:Specifies a password to be used duringmanual revocation of the certificate.3 Generate the CSR.After you have provided the required information, press Enter.The CSR is generated and displayed on the screen.Nortel Secure Network Access SwitchUsing the Command Line InterfaceNN47230-100 03.01 Standard28 July 2008Copyright © 2007, 2008 Nortel Networks.