Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module
crypto key generate
crypto key generate
To generate RSA key pairs, use the crypto key generate command.
crypto key generate rsa
|
| size] |
|
|
|
|
|
Syntax Description |
|
| Generate a general purpose RSA key pair for signing and encryption |
|
|
|
|
|
|
| Generate seperate RSA key pairs for signing and encryption |
|
|
|
|
|
| label | Specifies the key. |
|
|
|
|
|
| exportable | (Optional) Specifies that the key is allowed to be exported. |
|
|
|
|
|
| modulus size | (Optional ) Specifies the modulus length in bits; valid values are 512, 768, |
|
|
| 1024, 1536, and 2048 bits. See the “Usage Guidelines” section for more |
|
|
| information. |
|
|
| |
|
|
|
|
Defaults |
| This command has no default settings. | |
Command Modes
Command History
Global configuration
Release | Modification |
WebVPN Services | Support for this command was introduced on the Catalyst 6500 series |
Module Release 1.1 | switches. |
|
|
Usage Guidelines The WebVPN Services Module supports up to eight levels of certificate authority (one root certificate authority and up to seven subordinate certificate authorities).
You can specify that a key is exportable during key generation. Once the key is generated as either exportable or not exportable, it cannot be modified for the life of the key.
Note The WebVPN Services Module supports modulus lengths of 512, 768, 1024, 1536, and 2048 bits. Although you can specify 512 or 768, we recommend a minimum modulus length of 1024. A longer modulus takes longer to generate and takes longer to use, but it offers better security.
After you generate a key pair, you can test the SSL service by generating a
Catalyst 6500 Series Switch WebVPN Module Command
|
| ||
|
|