Configuring CAs and Digital Certificates
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
Configuring the Host Name and IP Domain Name
You must configure the host name and IP domain name of the switch if they are not already configured.
This is required because switch FQDN is used as the subject in the identity certificate. Also, the switch
FQDN is used as a default key label when none is specified during key-pair generation. For example, a
certificate named SwitchA.example.com is based on a switch host name of SwitchA and a switch IP
domain name of example.com.
Changing the host name or IP domain name after generating the certificate can invalidate the certificate.
To configure the host name and IP domain name of the switch, follow these steps:
switch# config terminal
switch(config)# hostname SwitchA
SwitchA(config)# ip domain-name example.com
Generating an RSA Key-Pair
RSA key-pairs are used to sign and/or encrypt and decrypt the security payload during security protocol
exchanges for applications such as IKE/IPsec and SSH, and they are required before you can obtain a
certificate for your switch.
Cisco MDS 9000 Family CLI Configuration Guide
Generating Certificate Requests, page 34-10
Installing Identity Certificates, page 34-11
Ensuring Trust Point Configurations Persist Across Reboots, page 34-12
Monitoring and Maintaining CA and Certificates Configuration, page 34-13
Configuring Certificate Authorities and Digital Certificates
Enters configuration mode.
Configures the host name (SwitchA) of the switch.
Configures the IP domain name (example.com) of
OL-16184-01, Cisco MDS SAN-OS Release 3.x