Rsa Key Pair - Cisco Catalyst 2960 series Configuration Manual
Consolidated platform configuration guide, ios release 15.2(4)e
Hide thumbs
Also See for Catalyst 2960 series:
- Software configuration manual (980 pages) ,
- Command reference manual (800 pages) ,
- Configuration manual (120 pages)
Table of Contents
Advertisement
key pair (one private key and one public key) and has its identity validated by a trusted routing device (also
known as a CA or trustpoint).
After each routing device enrolls in a PKI, every peer (also known as an end host) in a PKI is granted a digital
certificate that has been issued by a CA. When peers must negotiate a secured communication session, they
exchange digital certificates. Based on the information in the certificate, a peer can validate the identity of
another peer and establish an encrypted session with the public keys contained in the certificate.
RSA Key Pair
An RSA key pair consists of a public key and a private key. When setting up your PKI, you must include the
public key in the certificate enrollment request. After the certificate has been granted, the public key is included
in the certificate so that peers can use it to encrypt data that is sent to the device. The private key is kept on
the device and used both to decrypt the data sent by peers and to digitally sign transactions when negotiating
with peers.
RSA key pairs contain a key modulus value. The modulus determines the size of the RSA key. The larger the
modulus, the more secure the RSA key. However, keys with large modulus values take longer to generate,
and encryption and decryption operations take longer with larger keys.
Certificate and Trustpoint
A certification authority (CA), also known as a trustpoint, manages certificate requests and issues certificates
to participating network devices. These services (managing certificate requests and issuing certificates) provide
centralized key management for the participating devices and are explicitly trusted by the receiver to validate
identities and to create digital certificates. Before any PKI operations can begin, the CA generates its own
public key pair and creates a self-signed CA certificate; thereafter, the CA can sign certificate requests and
begin peer enrollment for the PKI.
You can use a CA provided by a third-party CA vendor, or you can use an internal CA, which is the Cisco
Certificate Server.
How to Configure Signed Tcl Scripts
Generating a Key Pair
The key pair consists of a private key and a public key. The private key is intended to be kept private, accessible
only to the creator. The public key is generated from the private key and is intended to be known to the public.
To generate a key pair, use the openssl genrsa command and then the openssl rsa command.
SUMMARY STEPS
1. openssl genrsa -out private-key-file bit-length
2. ls -l
3. openssl rsa -in private-key-file
4. ls -l
-pubout -out public-key-file
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
How to Configure Signed Tcl Scripts
1827
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
