3-7
Cisco Content Services Switch SSL Configuration Guide
OL-5655-01
Chapter 3 Configuring SSL Certificates and Keys
Generating Certificates and Private Keys in the CSS
Generating Diffie-Hellman Key Parameters
Diffie-Hellman is a shared key agreement algorithm. Diffie-Hellman key
exchange uses a complex algorithm and public/private keys to encrypt and then
decrypt packet data. The CSS stores the generated Diffie-Hellman key parameter
file. Use the ssl gendh command to generate a Diffie-Hellman key agreement
parameter file.
Note Generation of a Diffie-Hellman key agreement parameter file can sometimes take
a lengthy period of time (perhaps up to 20 minutes) and is a CPU-intensive utility.
If you are running the ssl gendh utility, ensure that the CSS is not actively passing
traffic at the same time to avoid impacting CSS performance.
The syntax for this command is:
ssl gendh filename numbits “password”
The variables are:
• filename - The name of the file to store the Diffie-Hellman key parameters.
Enter an unquoted text string with a maximum of 31 characters. The filename
is used only for identification in the CSS.
• numbits - The key strength. The number of bits in the file defines the size of
the Diffie-Hellman key used to secure Web transactions. Longer keys produce
a more secure implementation by increasing the strength of the
Diffie-Hellman security policy. Available entries (in bits) are 512 (least
security), 768 (normal security), 1024 (high security), and 2048 (highest
security).
• “password” - The password used to encode the Diffie-Hellman key using
DES (Data Encryption Standard) before it is stored as a file on the CSS.
Encoding the file prevents unauthorized access to the imported certificate and
private key on the CSS. Enter the password as a quoted string with a
maximum of 35 characters. The password appears in the CSS running
configuration as a DES-encoded string.
For example, to generate the Diffie-Hellman key parameter list dhparamfile2,
enter:
(config) # ssl gendh dhparamfile2 512 “passwd123”
Please be patient this could take a few minutes
To Next Page
Loading...
Need help?
General
