Siemens RUGGEDCOM ROX II User Manual page 189

RUGGEDCOM ROX II
CLI User Guide
Parameter
authentication-key { authentication-key }
Type commit and press Enter to save the changes, or type revert and press Enter to abort.
6.
Section 6.8
Managing Certificates and Keys
RUGGEDCOM ROX II uses X.509v3 certificates and keys to establish secure connections for remote logins (SSH)
and Web access (SSL).
To allow for initial configuration, all RUGGEDCOM ROX II devices are shipped from the factory with a pair of pre-
installed default certificates and keys. Certificates and keys for TLS and SSH are also auto-generated during initial
boot-up and can be replaced by user-defined certificates and keys. Auto-generated certificates are self-signed.
Siemens recommends that all certificates be replaced by ones signed by a trusted Certificate Authority (CA).
NOTE
Only admin users can read/write certificates and keys on the device.
CONTENTS
• Section 6.8.1, "Viewing the Local Host SSH/RSA Public Key"
• Section 6.8.2, "Managing the Trusted Certificate Store"
• Section 6.8.3, "Managing CA Certificates for the Trusted Certificate Store"
• Section 6.8.4, "Managing CA Certificates and CRLs"
• Section 6.8.5, "Managing Private Keys"
• Section 6.8.6, "Managing Public Keys"
• Section 6.8.7, "Managing Certificates"
• Section 6.8.8, "Managing Known Hosts"
Section 6.8.1
Viewing the Local Host SSH/RSA Public Key
To view the local host SSH/RSA public key, type:
show security crypto local-host-ssh-rsa-public-key
For example:
show security crypto local-host-ssh-rsa-public-key
local-host-ssh-rsa-public-key
contents "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0De8wvPyFpUGph9mwNXPcY3/
dwmQxIelGZe5Pt4laOZpeGOtuMSKqN15jcx29RcBasSdui5muLq8o+iBfDwjJw2q5WBBqyweXHgGYQGC58e7PQ5eYWIvu2L/
Managing Certificates and Keys
The TCP port to use when connecting the TACACS+ server. The default port is 49.
Synopsis: A string
The authentication key to use for encrypting and decrypting TACACS+ traffic. Use only
ASCII characters.
Description
Chapter 6
Security
143