Cisco Catalyst 9200 Series, Configuration Manual

Page: 61 / 276

HhcNMTEwNjMwMTc1NjU3WhcNMjkwNTE0MjAyNTQyWjAnMQ4wDAYDVQQKEwVDaXNj
bzEVMBMGA1UEAxMMQUNUMiBTVURJIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEA0m5l3THIxA9tN/hS5qR/9aE2JbFkNjht6gfHKd477AkS
5XAtUs5oxDYVt/zLR6qrqKKQVu6JYvH05UYLBqCj38s76NLk53905Wzp
9pRa6tHF/qRuOiJ44mdeDYZo3qPCpxzprWJDPclM4iYKHumM
xghHIooWS80BOcdiynEbeP5rZ7qRuewKMpl1TiI3WdBNjZjnP4SaDkGb
BXdGEyFWLrF8oauV43Qrvnf3d/Gz/sXlXtEOjSXJ
URsyMEj53Rdd9tJwHky8r+kdVQIDAQABo4IBWjCCAVYwCwYDVR0PBAQD
AgHGMB0GA1UdDgQWBBRI2PHxwnDVW7t8cwmTr7i4MAP4fzAfBgNVHSMEGDAWgBQn
88gVHm6aAgkWrSugiWBf2nsvqjBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vd3d3
LmNpc2NvLmNvbS9zZWN1cml0eS9wa2kvY3JsL2NyY2EyMDQ4LmNybDBQBggrBgEF
BQcBAQREMEIwQAYIKwYBBQUHMAKGNGh0dHA6Ly93d3cuY2lzY28uY29tL3NlY3Vy
aXR5L3BraS9jZXJ0cy9jcmNhMjA0OC5jZXIwXAYDVR0gBFUwUzBRBgorBgEEAQkV
AQwAMEMwQQYIKwYBBQUHAgEWNWh0dHA6Ly93d3cuY2lzY28uY29tL3NlY3VyaXR5
L3BraS9wb2xpY2llcy9pbmRleC5odG1sMBIGA1UdEwEB/wQIMAYBAf8CAQAwDQYJ
KoZIhvcNAQEFBQADggEBAGh1qclr9tx4hzWgDERm371yeuEmqGbMSJbi
ZHc/CcCl0lJu0a9zTXA9w47H9/t6leduGxb4WeLxcwCiUgvFtCa51Iklt8nNbcKY
/7amATUQO4QggIE67wVIPu6bgAE3Ja/nRS3xKYSnj8H5TehimBSv6TECi
i5jUhOWryAK4dVo8hCjkjEkzu3ufBTJapn/KdkUO+52djFKn
hyl47d7cZR4DY4LIuFM2P1As8YyjzoNpK/urSRI14WdIlplR1nH7KNDl5618yfVP
0IFJZBGrooCRBjOSwFv8cpWCbmWdPaCQT2nwIjTfY8c=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDgTCCAmmgAwIBAgIEAp4UYzANBgkqhkiG9w0BAQsFADAnMQ4wDAYDVQQKEwVD
aXNjbzEVMBMGA1UEAxMMQUNUMiBTVURJIENBMB4XDTE4MDYwNTAzNDUwNVoXDTI5
MDUxNDIwMjU0MVowbTEpMCcGA1UEBRMgUElEOkM5MjAwTC0yNFQtNEcgU046SlBH
MjIwMjAwQTgxDjAMBgNVBAoTBUNpc2NvMRgwFgYDVQQLEw9BQ1QtMiBMaXRlIFNV
REkxFjAUBgNVBAMTDUM5MjAwTC0yNFQtNEcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDBm2Dg0GWQ18wLTKxeCt87DL8KlRbx8Db1IigHjzebBXMpx7Ja
6Cp+kwRrIWGi5AmNmVvFV6LdNg18c6nqmSmnuXMerD1UEMMK
bkFl4ydn1EIMoW/zaLM2A5bpQXVndiKq1v0NA2P8AELdDG/D
3SyH5vu3NjyMn/ILp9O6E8KC5FclR2cfvWlQvoFM
ZEWmHd4hhmDexIvzZq0H7PxS0kT4vYQ9xWQEwavJAL44k0uY
JxKP6bDNssSLZ2s4/2OBsODjyBhb0GwrOAHdAgMBAAGjbzBtMA4GA1UdDwEB/wQE
AwIF4DAMBgNVHRMBAf8EAjAAME0GA1UdEQRGMESgQgYJKwYBBAEJFQIDoDUTM0No
aXBJRD1RRGx6T0FZUHQwRTJJRVFFQUFjQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB
PTANBgkqhkiG9w0BAQsFAAOCAQEAgLUxZfNmrXZ6ZMGX69dDPkmvp9cFqXR538LF
PdypCRuSk20GF8OeDUOsuIi4mbB87JSOWvLomdBtXdnxzRu4kPZNFz/7pjAVRT3R
gwMMyiEnDWQSvy7e4SZmyVgej55e3hTW/LTeU8lCE0KRoYGDce5Phv2zdHtIsXrV
XsY+Fropfntt1FV9qqDskDWcKf0bos6VsyWUpSCEGqF7LfNnBTKYvXUUmkXHKf/d
W5HgrYt6bQ/h/+0EP+MY2wpAixW20vZfK8NzNesieB38IvuTkgefhz2s
yGCOavAxqGd0j7atcKM9Vwuy4VJZgK/t1fmTL4cawQ==
-----END CERTIFICATE-----
Signature version: 1
Signature:
2
A F 6 E D A 3 9 A 1 7 4 0 3 F 6 2 1 B B 9 4 E 8 2 4 C 4 F E 0 0 C 1 9 D 3 1 B F 9 D F A C 0 0 7 4 7 C 0 1 8 7 D F 4 0 4 0 7 7 5 0 5 6 E 0 A E 6 3 5 2 0 E 7 6 3 A 5 D F 0 F A E B 4 F A 2 B 5 B F 2 F 9 C C F 3 E 8 E D E 2 5 E 7 5 1 0 5 7 3 C F 6 6 6 9 0 2 9 F C 4 B 2 2 E 4 A 1 5 8 4 1 E D A 4 8 0 7 5 A D C B E E D 6 E 0 0 3 C 2 B 6 6 3 7 E 0 D 4 A D D B A 3 7 5 4 A A 1 F 2 E E 6 A C 3 6 A E 6 F C E 0 0 D D 0 7 5 9 0 8 1 4 8 A 2 5 7 6 7 C 8 6 F 8 1 2 1 A F 0 D E 9 5 5 3 4 0 4 6 4 1 8 A 6 7 7 1 3 2 3 C 0 2 8 0 1 C E B 6 F 4 1 2 C 1 3 1 A A 3 1 E A B 5 3 8 B 3 9 B 7 1 4 3 1 1 4 A B 0 3 3 A 3 B A D 1 E A 5 F 0 2 D 9 A 4 A F 8 9 8 0 6 B E D 6 E D A 0 8 4 7 B 3 1 0 F A B D 2 2 4 7 6 2 6 A 9 F F 1 5 0 A 8 D 3 A 8 2 3 2 3 E 1 7 C 3 D A D E C F 3 E 2 7 0 1 B 0 3 3 3 6 E A 3 2 C 3 7 1 C E 8 8 6 8 9 8 9 2 4 2 3 F 7 2 5 D 1 4 9 1 9 B F 7 7 7 D A 6 0 A 8 2 3 0 0 8 E 3 9 A 1 9 F F 6 5 B 8 2 2 6 D 8 C F 4 D 4 1 5 2 1 2 C 7 2 A 2 8 1 4 A 7 A 7 E 5 0 C C C 7 5 9 4 8 3 B 9 7 C 1 7 0 4 9 7 7 B 6 2 1 9 1 7 4 1 E A 5 0 9 6 B E 9
The optional RSA 2048 signature is across the three certificates, the signature version and the
user-provided nonce
RSA PKCS#1v1.5 Sign {<Nonce (UINT64)> || <Signature Version (UINT32)> || <Cisco Root CA
2048 cert (DER)> ||
<Cisco subordinate CA (DER)> || <SUDI certificate (DER)> }
Cisco management solutions are equipped with the ability to interpret the above output. However,
a simple script using OpenSSL commands can also be used to display the identity of the platform
and to verify the signature, thereby ensuring its Cisco unique device identity.
[linux-host:~]openssl x509 -in sudicert.pem -subject -noout
subject= /serialNumber=PID:C9200L-24T-4G SN:FDO1946BG05/O=Cisco/OU=ACT-2 Lite
SUDI/CN=C9200L-24T-4G
System Management Configuration Guide, Cisco IOS XE Gibraltar 16.10.x (Catalyst 9200 Switches)
47
Boot Integrity Visibility
Verifying Platform Identity and Software Integrity