-----END CERTIFICATE-----
Signature version: 1
Signature:
49FA6BDC5CCD77C12F0E3EDD21D08AFA893AF8B5992365BC7AFF39CE5FD9ADE23DFFF29F50B9200C6D6DAC3A4E4ABD1605F39305663B93B56CB1CB46D78014F58CB46CFDF578F051533859EE91B8A5FAD4763ADE57B1A2ED2304A35AAEDF6B62967FBF4E7EA5A5A64085D9CC2FEFC0210BA5E97CD651625BDF5711F1D5C5571B9E5DD6EAF31C9FCB428F61B562885723F55179D7813500C93DDD5D98E5E39D4061A466067E04FFC050EDFE5F1836AE258C60C482D9452D6FC175C1354384F503FBB74DED3AFF80D580CE23F88FEFCFD565B116B85A60FBA6A8EDC3FE5AE2271D1D47085B3BDBA2F29C3935220B1A4B241B7C59EBBD8BA4E3DFEF174082EC072D
The optional RSA 2048 signature is computed over the three certificates, the signature version, and the
user-provided nonce, concatenated in the following order:
RSA PKCS#1v1.5 Sign {<Nonce (UINT64)> || <Signature Version (UINT32)> || <Cisco Root CA 2048 cert (DER)> || <Cisco subordinate CA (DER)> || <SUDI certificate (DER)>}
Cisco management solutions can interpret the above output. However,
a simple script using OpenSSL commands can also be used to display the identity of the platform
and to verify the signature, thereby confirming the platform's Cisco unique device identity.
[linux-host:~]openssl x509 -in sudicert.pem -subject -noout
subject= /serialNumber=PID:WS-XC7R SN:FDO1946BG05/O=Cisco/OU=ACT-2 Lite SUDI/CN=WS-XC7R
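The following Python is an added example, not part of the Cisco guide: it rebuilds the signed byte string described above and checks the RSA PKCS#1 v1.5 signature using only the standard library. It assumes big-endian encoding of the nonce and signature version, a SHA-256 digest, and that n and e are the public modulus and exponent taken from the SUDI certificate; all function names are illustrative.

```python
import base64
import hashlib
import hmac
import struct

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2). SHA-256 is an assumption.
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def pem_to_der(pem):
    """Decode one PEM certificate (str) to its DER bytes."""
    body = "".join(l.strip() for l in pem.splitlines() if not l.startswith("-----"))
    return base64.b64decode(body, validate=True)


def build_signed_blob(nonce, sig_version, root_pem, subca_pem, sudi_pem):
    """Nonce (UINT64) || version (UINT32) || root DER || sub-CA DER || SUDI DER."""
    # Big-endian integers are an assumption; the guide gives only the field widths.
    head = struct.pack(">QI", nonce, sig_version)
    return head + b"".join(pem_to_der(p) for p in (root_pem, subca_pem, sudi_pem))


def expected_em(message, k):
    """EMSA-PKCS1-v1_5 encoding of message for a k-byte modulus."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for a SHA-256 DigestInfo")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def verify_sudi_signature(sig_hex, n, e, blob):
    """Return True only if sig_hex is a valid signature over blob under (n, e)."""
    k = (n.bit_length() + 7) // 8
    try:
        sig = bytes.fromhex(sig_hex.strip())
    except ValueError:
        return False
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return False
    em = pow(s, e, n).to_bytes(k, "big")
    # Compare with the fully re-encoded block rather than parsing the padding:
    # lenient padding parsers are what allow forged v1.5 signatures.
    return hmac.compare_digest(em, expected_em(blob, k))
```

This checks only the signature over the nonce, version and certificates; validating the SUDI certificate chain up to the Cisco root is a separate step.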
System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
Boot Integrity Visibility
Verifying Platform Identity and Software Integrity