HP Cisco MDS 9020 - Fabric Switch Configuration Manual page 817

Chapter 34 Configuring Certificate Authorities and Digital Certificates
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
To generate an RSA key-pair, follow these steps:
Command
Step 1
switch# config terminal
switch(config)#
Step 2
switch(config)# crypto key generate rsa
switch(config)# crypto key generate rsa label
SwitchA modulus 768
switch(config)# crypto key generate rsa exportable
OL-16184-01, Cisco MDS SAN-OS Release 3.x
Configuring CAs and Digital Certificates
Purpose
Enters configuration mode.
Generates an RSA key-pair with the switch
FQDN as the default label and 512 as the
default modulus. By default, the key is not
exportable.
Note The security policy (or
requirement) at the local site (MDS
switch) and at the CA (where
enrollment is planned) are
considered in deciding the
appropriate key modulus.
The maximum number of key-pairs
Note
you can configure on a switch is
16.
Generates an RSA key-pair with the label
SwitchA and modulus 768. Valid modulus
values are 512, 768, 1024, 1536, and 2048.
By default, the key is not exportable.
Generates an RSA key-pair with the switch
FQDN as the default label and 512 as the
default modulus. The key is exportable.
The exportability of a key-pair
Caution
cannot be changed after key-pair
generation.
Note Only exportable key-pairs can be
exported in PKCS#12 format.
Cisco MDS 9000 Family CLI Configuration Guide
34-7