388 Managing Keys and Certificates
Creating Public-Private Key Pairs
To use a self-signed certificate or Certificate Signing Request (CSR) certificate for WSS switch authentication, you must
generate a public-private key pair.
To create a public-private key pair, use the following command:
crypto generate key {admin | eap | ssh | webaaa} {512 | 1024 | 2048}
Choose the key length based on your need for security or to conform with your organization's practices. For example,
the following command generates an administrative key pair of 1024 bits:
23x0# crypto generate key admin 1024
admin key pair generated
Note.
After you generate or install a certificate (described in the following sections), do
not create the key pair again. If you do, the certificate might not work with the new key, in
which case you will need to regenerate or reinstall the certificate.
320657-A