9-8
Configuring Secure Socket Layer (SSL)
Configuring the Switch for SSL Operation
CLI commands used to generate a Server Host Certificate.  
To generate a host certificate from the CLI: 
i. Generate a certificate key pair. This is done with the crypto key 
generate cert command. The default key size is 512. 
Note If a certificate key pair is already present in the switch, it is not necessary to 
generate a new key pair when generating a new certificate. The existing key 
pair may be re-used and the crypto key generate cert command does not have 
to be executed
ii. Generate a new self-signed host certificate. This is done with the 
crypto host-cert generate self-signed [Arg-List] command. 
Note When generating a self-signed host certificate on the CLI if there is not 
certificate key generated this command will fail.
 Comments on Certificate Fields. 
There are a number arguments used in the generation of a server certificate. 
table 9-1, “Certificate Field Descriptions” describes these arguments.
Syntax: crypto key generate cert rsa bits < 512 | 768 |1024 > 
Generates a key pair for use in the certificate. 
crypto key zeroize cert
Erases the switch’s certificate key and disables SSL opera-
tion.
crypto host-cert generate self-signed [arg-list]
Generates a self signed host certificate for the switch. If a 
switch certificate already exists, replaces it with a new 
certificate. (See the Note, above.)
crypto host-cert zeroize
Erases the switch’s host certificate and disables SSL opera-
tion.