Cisco AP776A - Nexus Converged Network Switch 5020 Configuration Manual page 877

Chapter 36 Configuring Certificate Authorities and Digital Certificates
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
To generate an RSA key-pair, follow these steps:
Command
Step 1
switch# config terminal
switch(config)#
Step 2
switch(config)# crypto key generate rsa
switch(config)# crypto key generate rsa label
SwitchA modulus 768
switch(config)# crypto key generate rsa exportable
OL-18084-01, Cisco MDS NX-OS Release 4.x
Configuring CAs and Digital Certificates
Purpose
Enters configuration mode.
Generates an RSA key-pair with the switch
FQDN as the default label and 512 as the
default modulus. By default, the key is not
exportable.
The security policy (or
Note
requirement) at the local site (MDS
switch) and at the CA (where
enrollment is planned) are
considered in deciding the
appropriate key modulus.
The maximum number of key-pairs
Note
you can configure on a switch is
16.
Generates an RSA key-pair with the label
SwitchA and modulus 768. Valid modulus
values are 512, 768, 1024, 1536, and 2048.
By default, the key is not exportable.
Generates an RSA key-pair with the switch
FQDN as the default label and 512 as the
default modulus. The key is exportable.
The exportability of a key-pair
Caution
cannot be changed after key-pair
generation.
Only exportable key-pairs can be
Note
exported in PKCS#12 format.
Cisco MDS 9000 Family CLI Configuration Guide
36-7