Send documentation comments to mdsfeedback-doc@cisco.com
43-16
Cisco MDS 9000 Family Fabric Manager Configuration Guide
OL-17256-03, Cisco MDS NX-OS Release 4.x
Chapter 43 Configuring Certificate Authorities and Digital Certificates
Configuring CAs and Digital Certificates
Step 2 Click the Trust Point Actions tab in the Information pane.
Step 3 Select the crlimport option from the Command drop-down menu to import the CRL to the selected trust
point.
Step 4 Enter the input file name with the CRL in the bootflash:filename format, in the URL field.
Step 5 Click Apply Changes to save the changes.
Deleting Certificates from the CA Configuration
You can delete the identity certificates and CA certificates that are configured in a trust point. You must
first delete the identity certificate, followed by the CA certificates. After deleting the identity certificate,
you can disassociate the RSA key-pair from a trust point. The certificate deletion is necessary to remove
expired or revoked certificates, certificates whose key-pairs are compromised (or suspected to be
compromised) or CAs that are no longer trusted.
To delete the CA certificate (or the entire chain in the case of a subordinate CA) from a trust point using
Fabric Manager, follow these steps:
Step 1 Click Switches > Security > PKI in the Physical Attributes pane.
Step 2 Click the Trust Point Actions tab in the Information pane.
Step 3 Select the cadelete option from the Command drop-down menu to delete the identity certificate from a
trust point.
Note If the identity certificate being deleted is the last-most or only identity certificate in the device,
you must use the forcecertdelete action to delete it. This ensures that the administrator does not
mistakenly delete the last-most or only identity certificate and leave the applications (such as
IKE and SSH) without a certificate to use.
Step 4 Click Apply Changes to save the changes.
To delete the identity certificate, click the Trust Point Actions tab and select the certdelete or
forcecertdelete in the Command drop-down menu.
Deleting RSA Key-Pairs from Your Switch
Under certain circumstances you may want to delete your switch’s RSA key-pairs. For example, if you
believe the RSA key-pairs were compromised in some way and should no longer be used, you should
delete the key-pairs.
To delete RSA key-pairs from your switch, follow these steps:
Step 1 Expand Switches > Security and then select PKI in the Physical Attributes pane.
Step 2 Click the RSA Key-Pair tab in the Information pane.
Step 3 Click Delete Row.
To Next Page
Loading...
Need help?
General
