Send documentation comments to mdsfeedback-doc@cisco.com
43-6
Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-17256-03, Cisco MDS NX-OS Release 4.x
Chapter 43 Configuring Certificate Authorities and Digital Certificates
Configuring CAs and Digital Certificates
Configuring CAs and Digital Certificates
This section describes the tasks you must perform to allow CAs and digital certificates your Cisco MDS
switch device to interoperate. This section includes the following sections:
• Configuring the Host Name and IP Domain Name, page 43-6
• Generating an RSA Key-Pair, page 43-6
• Creating a Trust Point CA Association, page 43-8
• Copying Files to Bootflash, page 43-9
• Authenticating the CA, page 43-10
• Configuring Certificate Revocation Checking Methods, page 43-12
• Generating Certificate Requests, page 43-12
• Installing Identity Certificates, page 43-13
• Saving Your Configuration, page 43-13
• Ensuring Trust Point Configurations Persist Across Reboots, page 43-14
• Monitoring and Maintaining CA and Certificates Configuration, page 43-14
Configuring the Host Name and IP Domain Name
You must configure the host name and IP domain name of the switch if they are not already configured.
This is required because switch FQDN is used as the subject in the identity certificate. Also, the switch
FQDN is used as a default key label when none is specified during key-pair generation. For example, a
certificate named SwitchA.example.com is based on a switch host name of SwitchA and a switch IP
domain name of example.com.
Caution Changing the host name or IP domain name after generating the certificate can invalidate the certificate.
To configure the host name and IP domain name, refer to the Cisco MDS 9000 NX-OS CLI Configuration
Guide.
Generating an RSA Key-Pair
RSA key-pairs are used to sign and/or encrypt and decrypt the security payload during security protocol
exchanges for applications such as IKE/IPsec and SSH, and they are required before you can obtain a
certificate for your switch.
To generate an RSA key-pair using Fabric Manager, follow these steps:
Step 1 Expand Switches > Security and then select PKI in the Information pane.
Step 2 Click the RSA Key-Pair tab.
You see the information shown in Figure 43-1.
To Next Page
Loading...
Need help?
General
