Chapter 3 Configuring SSL Certificates and Keys
Generating Certificates and Private Keys in the CSS
3-6
Cisco Content Services Switch SSL Configuration Guide
OL-5655-01
You must also associate an RSA key pair name with the generated RSA key pair,
as discussed in the “Associating Certificate and Private Key Files with Names”
section of this chapter.
Generating a DSA Key Pair
DSA is the public key exchange cryptographic system developed by the National
Institutes of Science and Technology. DSA can only be used for digital signatures
(signings); it cannot be used for key private/public exchange. The CSS stores the
generated DSA key pair as a file on the CSS.
Use the ssl gendsa command to generate a DSA private/public key pair for
asymmetric encryption. The syntax for this command is:
ssl gendsa filename numbits “password”
The variables are:
• filename - The name of the generated DSA key pair file. Enter an unquoted
text string with a maximum of 31 characters. The key pair filename is used
only for identification in the CSS.
• numbits - The key pair strength. The number of bits in the key pair file defines
the size of the DSA key pair used to secure Web transactions. Longer keys
produce a more secure implementation by increasing the strength of the DSA
security policy. Available entries (in bits) are 512 (least security), 768
(normal security), and 1024 (highest security).
• “password” - The password used to encode the DSA private key using DES
(Data Encryption Standard) before it is stored as a file on the CSS. Encoding
the file prevents unauthorized access to the imported certificate and private
key on the CSS. Enter the password as a quoted string with a maximum of 35
characters. The password appears in the CSS running configuration as a
DES-encoded string.
For example, to generate the DSA key pair mydsakeyfile2, enter:
(config) # ssl gendsa mydsakeyfile2 512 “passwd123”
Please be patient this could take a few minutes
You must also associate a DSA key pair name with the generated DSA key pair as
discussed in the “Associating Certificate and Private Key Files with Names”
section of this chapter.
To Next Page
Loading...
Need help?
General
