Table of Contents
Advertisement
Configuring Secure Socket Layer (SSL)
Configuring the Switch for SSL Operation
Note:
Note:
7-10
To Generate or Erase the Switch's Server Certificate with the
CLI
Because the host certificate is stored in flash instead of the running-config
file, it is not necessary to use write memory to save the certificate. Erasing the
host certificate automatically disables SSL.
CLI commands used to generate a Server Host Certificate.
Syntax: crypto key generate cert [rsa] < 512 | 768 |1024 >
Generates a key pair for use in the certificate.
crypto key zeroize cert
Erases the switch's certificate key and disables SSL opera
tion.
crypto host-cert generate self-signed [arg-list]
Generates a self signed host certificate for the switch. If a
switch certificate already exists, replaces it with a new
certificate. (See the Note on page 7-9.)
crypto host-cert zeroize
Erases the switch's host certificate and disables SSL opera
tion.
To generate a host certificate from the CLI:
i. Generate a certificate key pair. This is done with the crypto key
generate cert command. The default key size is 512.
If a certificate key pair is already present in the switch, it is not necessary to
generate a new key pair when generating a new certificate. The existing key
pair may be re-used and the crypto key generate cert command does not have
to be executed
ii. Generate a new self-signed host certificate. This is done with the
crypto host-cert generate self-signed [ Arg-List ] command.
When generating a self-signed host certificate on the CLI if there is not
certificate key generated this command will fail.
Hide quick links:
Advertisement
Table of Contents
