Chapter 3 Configuring SSL Certificates and Keys
Generating Certificates and Private Keys in the CSS
Cisco Content Services Switch SSL Configuration Guide
OL-5655-01
Generating a Self-Signed Certificate
For purposes of SSL testing, you can generate a temporary certificate by
generating a CSR and signing it with your own private key. A generated certificate
is temporary and expires in 30 days. Use the ssl gencert command to generate and
save a temporary certificate to a file on disk in the CSS.
Note: The ssl gencert command produces a valid certificate. However, most Web
browsers flag this certificate as signed by an unrecognized signing authority.
Before you generate the certificate, consider:
• The key pair that the certificate is based on (RSA or DSA).
• The key used to sign the certificate.
The ssl gencert command can sign RSA or DSA certificates with either an RSA
key pair or a DSA key pair.
Note: Although the CSS allows signing an RSA certificate with a DSA key (and a DSA
certificate with an RSA key), it is more standard practice for an RSA certificate
to be signed with an RSA key (and a DSA certificate to be signed with a DSA key).
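An off-box analogue of the procedure above, as an added example that is not part of this guide and does not use the CSS CLI: it assumes a host with the OpenSSL command-line tool, and the file names, subject names and function names are constructed for illustration. It builds a CSR, signs it with the same RSA key for 30 days, and provides checks that identify such a temporary self-signed certificate before it is mistaken for a production one.

```shell
#!/bin/sh
# Added example: OpenSSL stand-in for a temporary self-signed certificate.
# All names here are illustrative assumptions, not CSS commands or files.

# make_temp_cert DIR NAME: key pair -> CSR -> certificate signed with the same key.
make_temp_cert() {
    dir=$1; name=$2
    openssl genrsa -out "$dir/$name.key" 2048 2>/dev/null &&
    openssl req -new -key "$dir/$name.key" -subj "/CN=$name.example" \
        -out "$dir/$name.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/$name.csr" -signkey "$dir/$name.key" \
        -days 30 -out "$dir/$name.pem" 2>/dev/null
}

# is_self_signed CERT: true when the issuer and subject names are identical.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$iss" ]
}

# expires_within CERT DAYS: true when the certificate expires in under DAYS days.
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# chains_to CERT ANCHOR: true when CERT verifies against the given trust anchor.
# A client that does not hold the certificate as an anchor rejects it, which is
# why browsers report an unrecognized signing authority.
chains_to() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# audit_cert CERT: one-word verdict suitable for a pre-production check.
audit_cert() {
    if is_self_signed "$1" && expires_within "$1" 31; then
        echo "TEMPORARY-SELF-SIGNED"
    elif is_self_signed "$1"; then
        echo "SELF-SIGNED"
    else
        echo "CA-ISSUED"
    fi
}
```
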
The syntax for this command is:
ssl gencert certkey certkey signkey signkey certfile "password"
The variables are:
• certkey certkey - The name of the RSA or DSA key pair on which the
certificate is based. Enter an unquoted text string with a maximum of 31
characters.
• signkey signkey - The RSA or DSA key pair to be used to sign the certificate.
Enter an unquoted text string with a maximum of 31 characters.
• certfile - The name of the file used to store the certificate as a file on the CSS.
Enter an unquoted text string with a maximum of 31 characters.
• "password" - The password used to encode the certificate file using DES
(Data Encryption Standard) before it is stored as a file on the CSS. Encoding
the file prevents unauthorized access to the imported certificate and private