Config.security.ssl.resetkeys - McDATA 316095-B21 - StorageWorks Edge Switch 2/24 User Manual

Parameters
Command Example

config.security.ssl.resetKeys

Syntax
Purpose
The purpose for generating new keys is to improve the security of the
SSL connections in case the private key has been compromised. This
is considered to be unlikely, but the generation of new keys is usually
performed periodically as a matter of security policy.
Once a new certificate and private key are generated, you will likely
see a message upon SSL connection that indicates that the new
certificate is unrecognized. You can then choose to accept or reject the
connection. The web browser warning message typically provides an
MD5 or SHA-1 fingerprint that allows the user to verify the
connection before continuing.
If you choose, you can manually verify the fingerprint shown by the
web browser by comparing it with the fingerprint provided at the
end of the
config.security.ssl.show
The web browser will display another warning upon expiration of
the certificate. At this point, you can either choose to continue, or
cancel, despite the expiry date.
NOTE: The generation of the certificate and private key can be CPU
intensive; therefore it is recommended that this be performed outside of peak
hours.
This command has one parameter:
validDays
Root> config security ssl generateKeys 50
resetKeys
This command resets the SSL public certificate and private
encryption key to factory default values. For the next SSL connection,
a new certificate and private key will be created. The new certificate
will be valid for one year. The web browser will display a notification
command.
The number of days the keys will be valid.
Valid values are 30 (1 month) to 3650 (10
years). This value should be selected as part
of a security policy. The certificate and
private key should be regenerated before this
date expires.
config
CLI Commands
2-71
2