Purpose
Command or Action
Example:
certificates by the trustpoint. This static CRL list is
manually copied to the device from the Certification
Authority (CA).
switch(config-trustpoint)# crypto ca crl request
winca bootflash:crllist.crl
Static CRL is the only supported revocation
check method.
Note
To delete the CRL, enter the
delete crl
command.
Note
Displays the configured certificate chain and associated
trustpoint.
(Optional)
show crypto ca certificates
Example:
Step 7
switch(config-trustpoint)# show crypto ca
certificates
Displays the contents of the CRL list of the specified
trustpoint.
(Optional)
show crypto ca crl trustpoint
Example:
Step 8
switch(config-trustpoint)# show crypto ca crl
winca
Displays configured user account details.
(Optional)
show user-account
Example:
Step 9
switch(config-trustpoint)# show user-account
Displays the users logged into the device.
(Optional)
show users
Example:
Step 10
switch(config-trustpoint)# show users
Copies the running configuration to the startup
configuration.
(Optional)
copy running-config startup-config
Example:
Step 11
switch(config-trustpoint)# copy running-config
startup-config
Configuring Legacy SSH Algorithm Support
You can configure support for legacy SSH security algorithms, message authentication codes (MACs), key
types, and ciphers.
SUMMARY STEPS
1.
configure terminal
2.
(Optional)
ssh kexalgos all
3.
(Optional)
ssh macs all
4.
(Optional)
ssh ciphers all
5.
(Optional)
ssh keytypes all
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
141
Configuring SSH and Telnet
Configuring Legacy SSH Algorithm Support