Configuration Examples for Signed Tcl Script
hello
argc = 0
argv =
argv0 = flash:hello.tcl
tcl_interactive = 0
device#
*Apr 21 04:46:18.563: CRYPTO_PKI: locked trustpoint mytrust, refcount is 1
*Apr 21 04:46:18.563: The PKCS #7 message has 0 verified signers.
*Apr 21 04:46:18.563: CRYPTO_PKI: Success on PKCS7 verify!
*Apr 21 04:46:18.563: CRYPTO_PKI: unlocked trustpoint mytrust, refcount is 0
What to Do Next
• To get an overview of Crypto, refer to the "Part 5: Implementing and Managing a PKI" section of the
Configuration Examples for Signed Tcl Script
Generating a Key Pair Example
The following example shows how to generate the key pair--a private key and a public key:
Generate a Private Key: Example
Host% openssl genrsa -out privkey.pem 2048
Generating RSA private key, 2048 bit long modulus
.........+++
...............................................................................+++
e is 65537 (0x10001)
Host% ls -l
total 8
-rw-r--r--
Host%
Generate a Public Key from the Private Key
Host% openssl rsa -in privkey.pem -pubout -out pubkey.pem
writing RSA key
Host% ls -l
total 16
-rw-r--r--
-rw-r--r--
Generating a Certificate Example
The following example shows how to generate a certificate:
Host% openssl req -new -x509 -key privkey.pem -out cert.pem -days 1095
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1840
Security Configuration Guide.
1 janedoe eng12
1 janedoe eng12
1 janedoe eng12
1679 Jun 12 14:55 privkey.pem
1679 Jun 12 14:55 privkey.pem
451 Jun 12 14:57 pubkey.pem