Device administration
Related CLI commands
Use the genkey command to generate a private key file:
genkey 0 <keysize> <filename> <-ssh1>
where:
<keysize> is the size of the key in bits.
▪
<filename> is the name of the private key file.
▪
<-ssh1> is optional, and will generate the private key file in SSH version 1 format.
▪
Note
IPsec requires SSH version 2 private keys.
For example, to generate a 1024 bit SSH version 2 key called privkey.pem, enter:
genkey 1024 privkey.pem
Command output is:
OK
Starting 1024 bit key generation. Please wait. This may take some
time...
Key generated, saving to FLASH file privkey.pem
Closing file
Private key file created
All tasks completed
Private key files: Splitting certificates
For increased security, you can split the private key file between the router flash and an USB
memory stick. Once a private key has been split and stored in two parts, the USB memory stick must
be present for any successful IKE negotiations that involve the private key. Because the USB
memory stick only contains a part of the private key, you cannot use it in another router. The
command to split a private key is:
privsplit <certificate filename>
Digi TransPort WR Routers User Guide
Manage X.509 certificates and host key pairs
837