1-10
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring Digital Certificates
Configuring Digital Certificates
Configuring Key Pairs
To generate key pairs, perform the following steps:
Removing Key Pairs
To remove key pairs, perform the following steps:
Examples
The following example shows how to remove key pairs:
hostname(config)# crypto key zeroize rsa
WARNING: All RSA keys will be removed.
WARNING: All device certs issued using these keys will also be removed.
Do you really want to remove these keys? [yes/no] y
Command Purpose
Step 1
crypto key generate rsa
Example:
hostname/contexta(config)# crypto key generate rsa
Generates one, general-purpose RSA key pair. The
default key modulus is 1024. To specify other
modulus sizes, use the modulus keyword.
Note Many SSL connections using identity
certificates with RSA key pairs that exceed
1024 bits can cause high CPU usage on the
ASA and rejected clientless logins.
Step 2
crypto key generate rsa label key-pair-label
Example:
hostname/contexta(config)# crypto key generate rsa
label exchange
(Optional) Assigns a label to each key pair. The label
is referenced by the trustpoint that uses the key pair.
If you do not assign a label, the key pair is
automatically labeled, Default-RSA-Key.
Step 3
show crypto key name of key
Example:
hostname/contexta(config)# show crypto key
examplekey
Verifies key pairs that you have generated.
Step 4
write memory
Example:
hostname(config)# write memory
Saves the key pair that you have generated.
Command Purpose
crypto key zeroize rsa
Example:
hostname(config)# crypto key zeroize rsa
Removes key pairs.
To Next Page
Loading...
Need help?
General
