PurposeCommand or Action
Specifies an SSH X.509 certificate distinguished name
and DSA or RSA algorithm to use for authentication for
username user-id ssh-cert-dn dn-name
{dsa | rsa}
Step 3
an existing user account. The distinguished name can be
Example:
switch(config)# username jsmith
ssh-cert-dn "/O = ABCcompany, OU
up to 512 characters and must follow the format shown
in the examples. Make sure the email address and state
are configured as emailAddress and ST, respectively.
= ABC1,
emailAddress =
jsmith@ABCcompany.com, L =
Metropolis, ST = New York, C = US,
CN = jsmith" rsa
Configures a trustpoint.
[no] crypto ca trustpoint trustpoint
Example:
switch(config)# crypto ca
trustpoint winca
Step 4
Configures a certificate chain for the trustpoint.[no] crypto ca authentication
trustpoint
Step 5
Example:
switch(config)# crypto ca
authentication winca
Configures the certificate revocation list (CRL) for the
trustpoint. The CRL file is a snapshot of the list of
crypto ca crl request trustpoint
bootflash:static-crl.crl
Step 6
revoked certificates by the trustpoint. This static CRL list
Example:
switch(config)# crypto ca crl
request winca
bootflash:crllist.crl
is manually copied to the device from the Certification
Authority (CA).
Static CRL is the only supported revocation
check method.
Note
(Optional)
Displays the configured certificate chain and associated
trustpoint.
show crypto ca certificates
Example:
switch(config)# show crypto ca
certificates
Step 7
(Optional)
Displays the contents of the CRL list of the specified
trustpoint.
show crypto ca crl trustpoint
Example:
switch(config)# show crypto ca crl
winca
Step 8
(Optional)
Displays configured user account details.
show user-account
Example:
switch(config)# show user-account
Step 9
(Optional)
Displays the users logged into the device.
show users
Example:
switch(config)# show users
Step 10
Cisco Nexus 3600 NX-OS Security Configuration Guide, Release 7.x
69
Configuring SSH and Telnet
Configuring X.509v3 Certificate-Based SSH Authentication
To Next Page
Loading...
