S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
34-7
Cisco MDS 9000 Family CLI Configuration Guide
OL-16184-01, Cisco MDS SAN-OS Release 3.x
Chapter 34 Configuring Certificate Authorities and Digital Certificates
Configuring CAs and Digital Certificates
To generate an RSA key-pair, follow these steps:
Command
Purpose
Step 1
switch#
config terminal
switch(config)#
Enters configuration mode.
Step 2
switch(config)#
crypto key generate rsa
Generates an RSA key-pair with the switch
FQDN as the default label and 512 as the
default modulus. By default, the key is not
exportable.
Note
The security policy (or
requirement) at the local site (MDS
switch) and at the CA (where
enrollment is planned) are
considered in deciding the
appropriate key modulus.
Note
The maximum number of key-pairs
you can configure on a switch is
16.
switch(config)#
crypto key generate rsa label
SwitchA modulus 768
Generates an RSA key-pair with the label
SwitchA and modulus 768. Valid modulus
values are 512, 768, 1024, 1536, and 2048.
By default, the key is not exportable.
switch(config)#
crypto key generate rsa exportable
Generates an RSA key-pair with the switch
FQDN as the default label and 512 as the
default modulus. The key is exportable.
Caution
The exportability of a key-pair
cannot be changed after key-pair
generation.
Note
Only exportable key-pairs can be
exported in PKCS#12 format.