
Extreme Networks Summit 300-48 - Creating Certificates and Private Key

114 Summit 300-48 Switch Software User Guide
Unified Access Security
Creating Certificates and Private Key
A default certificate and private key are stored in the NVRAM factory default settings. The following
CLI commands allow users to change the default certificate and private key.
Command: show management
Description: Displays whether the switch has a valid private/public key pair and the state of HTTPS access (enabled or disabled).
Table 54: Commands to Create Certificates and Private Key
Command Description
Command: configure ssl certificate privkeylen <1024-4096> country <country code> organization <org name> common-name <common name>
Description: Creates a self-signed certificate and private key that can be saved in NVRAM. The generated certificate is an X509v3 certificate in PEM format.
To create a self-signed certificate, specify the following in the command: country code (exactly 2 characters), organization name (maximum 64 characters), and common name (maximum 64 characters).
Any existing certificate and private key are overwritten.
Most web browsers check whether the common-name field in the received server certificate is the same as the URL used to reach the site, and give a warning if it is not.
The size of the generated certificate depends on the RSA key length (privkeylen) and the length of the other parameters (country, organization name, and so on) supplied by the user. If the RSA key length is 1024, the certificate size is ~1kb and the private key length is ~1kb. For an RSA key length of 4096, the certificate length is ~2kb and the private key length is ~3kb.
Command: download ssl <ip address> certificate <cert file>
Description: Permits downloading of a certificate from a file stored on a TFTP server. If the operation is successful, any existing certificate is overwritten.
Following a successful download, a check is performed to determine whether the public key in the certificate matches the stored private key. If the private and public keys do not match, a warning message is displayed ("Warning: The Private Key does not match with the Public Key in the certificate."). This warning acts as a reminder to the user to download the private key as well.
The certificate and private key files should be in PEM format and generated using RSA as the cryptography algorithm.
Command: download ssl <ip address> privkey <key file>
Description: Permits downloading of a private key from a file stored on a TFTP server. When this command is executed, if the private key is encrypted, the user is prompted to enter the passphrase that was used to encrypt the private key when it was generated. Only DES and 3DES encryption mechanisms are supported for private key encryption. If the operation is successful, the existing private key is overwritten.
After a successful download, a check is performed to determine whether the downloaded private key matches the public key stored in the certificate. If they do not match, a warning message is displayed ("Warning: The Private Key does not match with the Public Key in the certificate."). This warning acts as a reminder to the user to download the corresponding certificate.
The certificate and private key files should be in PEM format and generated using RSA as the cryptography algorithm.
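
The public/private key match check that both download commands describe can be run on a workstation before the files are placed on the TFTP server. The script below is an added example, not part of the Extreme Networks guide; it assumes the OpenSSL command-line tool is installed, and the function names, file names and subject values are constructed for illustration.

```shell
#!/bin/sh
# Added example. File names and subject values are constructed for illustration.

# Build an RSA key and self-signed PEM certificate offline, enforcing the same
# limits the switch command documents: 1024-4096 bit key, 2-character country
# code, organization and common name of at most 64 characters.
make_pair() {  # make_pair <bits> <country> <org> <cn> <cert out> <key out>
    { [ "$1" -ge 1024 ] && [ "$1" -le 4096 ]; } || { echo "bad key length"; return 2; }
    { [ "${#2}" -eq 2 ] && [ "${#3}" -le 64 ] && [ "${#4}" -le 64 ]; } ||
        { echo "bad subject field length"; return 2; }
    # -nodes writes the key unencrypted so the example runs without a prompt.
    openssl req -x509 -newkey "rsa:$1" -nodes -days 365 \
        -subj "/C=$2/O=$3/CN=$4" -out "$5" -keyout "$6" 2>/dev/null
}

# Compare the public key inside the certificate with the one derived from the
# private key, the comparison the guide says the switch makes after a download.
# Returns 0 on match, 1 on mismatch, 2 if a file is not usable PEM/RSA.
check_pair() {  # check_pair <cert file> <key file>
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) ||
        { echo "cannot read PEM certificate: $1"; return 2; }
    key_pub=$(openssl rsa -in "$2" -pubout 2>/dev/null) ||
        { echo "cannot read PEM RSA private key: $2"; return 2; }
    if [ "$cert_pub" = "$key_pub" ]; then
        echo "certificate and private key match"
        return 0
    fi
    echo "Warning: The Private Key does not match with the Public Key in the certificate."
    return 1
}

demo() {
    d=$(mktemp -d) || return 1
    make_pair 2048 US "Example Org" switch.example.test "$d/a.crt" "$d/a.key"
    make_pair 2048 US "Example Org" switch.example.test "$d/b.crt" "$d/b.key"
    check_pair "$d/a.crt" "$d/a.key"            # matching pair
    check_pair "$d/a.crt" "$d/b.key" || true    # key taken from the other pair
    rm -rf "$d"
}
demo
```

When the key file is passphrase-protected, `openssl rsa` prompts for the passphrase before the comparison runs.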
Table 53: HTTP and HTTPS Access Commands
Command Description
