Table of Contents
Advertisement
RSA and Certificate Commands
78-20269-01 Command Line Interface Reference Guide
•
loc location—Specifies the location or city name. (Length: 1–64 characters)
•
st state—Specifies the state or province name. (Length: 1–64 characters)
•
cu country—Specifies the country name. (Length: 2 characters)
•
duration days—Specifies the number of days a certification is valid. (Range:
30–3650)
Default Configuration
The default certificate number is 1.
The default SSL's RSA key length is 1024.
If passphrase string is not specified, the certificate is not exportable.
If cn common-name is not specified, it defaults to the device's lowest static IPv6
address (when the certificate is generated), or to the device's lowest static IPv4
address if there is no static IPv6 address, or to 0.0.0.0 if there is no static IP
address.
If duration days is not specified, it defaults to 365 days.
Command Mode
Global Configuration mode
User Guidelines
This command is not saved in the router configuration. However, the certificate and
keys generated by this command are saved in the private configuration (which is
never displayed to the user or backed up to another device).
When exporting a RSA key pair to a PKCS#12 file, the RSA key pair is as secure as
the passphrase. Keep the passphrase secure.
If the RSA key does not exist, you must use the parameter key-generate.
Example
The following example generates a self-signed certificate for HTTPS.
Console#
crypto certificate generate key-generate
4
65
Advertisement
Table of Contents
