Configuring Secure Socket Layer (SSL)

Configuring the Switch for SSL Operation

To Generate or Erase the Switch’s Server Certificate with the CLI

Because the host certificate is stored in flash instead of the running-config file, it is not necessary to use write memory to save the certificate. Erasing the host certificate automatically disables SSL.

CLI commands used to generate a Server Host Certificate.

Syntax: crypto key generate cert [rsa] < 512 | 768 | 1024 >

Generates a key pair for use in the certificate.

crypto key zeroize cert

Erases the switch’s certificate key and disables SSL operation.

crypto host-cert generate self-signed [arg-list]

Generates a self-signed host certificate for the switch. If a switch certificate already exists, replaces it with a new certificate. (See the Note on page 7-9.)

crypto host-cert zeroize

Erases the switch’s host certificate and disables SSL operation.

To generate a host certificate from the CLI:

i. Generate a certificate key pair. This is done with the crypto key generate cert command. The default key size is 512.

If a certificate key pair is already present in the switch, it is not necessary to generate a new key pair when generating a new certificate. The existing key pair may be re-used and the crypto key generate cert command does not have to be executed.

ii. Generate a new self-signed host certificate. This is done with the crypto host-cert generate self-signed [arg-list] command.

When generating a self-signed host certificate on the CLI, if no certificate key has been generated, this command will fail.
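The ordering rules above can be checked before a change window by replaying the planned commands against the state the page describes. The following is an added example, not code from the switch or its vendor. The function name `audit`, the finding codes and the 2048-bit policy floor are assumptions, and every key size the syntax offers falls below that floor, so the check reports the size chosen.

```python
import re

MIN_RSA_BITS = 2048   # assumption: auditor's policy floor, not a switch setting
DEFAULT_BITS = 512    # default key size stated on this page
KEYGEN = re.compile(r"crypto key generate cert(?: rsa)?(?: (\d+))?")

def audit(commands, have_key=False, have_cert=False):
    """Replay planned commands; return (findings, have_key, have_cert)."""
    findings = []
    for n, raw in enumerate(commands, 1):
        cmd = " ".join(raw.split())          # normalise whitespace
        m = KEYGEN.fullmatch(cmd)
        if m:
            bits = int(m.group(1) or DEFAULT_BITS)
            have_key = True
            if bits < MIN_RSA_BITS:
                findings.append((n, "WEAK_KEY", bits))
        elif cmd == "crypto key zeroize cert":
            have_key = False                 # page: erases key, disables SSL
            findings.append((n, "SSL_DISABLED", "certificate key erased"))
        elif cmd.startswith("crypto host-cert generate self-signed"):
            if not have_key:                 # page: command fails without a key
                findings.append((n, "WILL_FAIL", "no certificate key pair"))
                continue
            if have_cert:                    # page: existing certificate is replaced
                findings.append((n, "REPLACES_CERT", "existing certificate overwritten"))
            have_cert = True
        elif cmd == "crypto host-cert zeroize":
            have_cert = False                # page: erases cert, disables SSL
            findings.append((n, "SSL_DISABLED", "host certificate erased"))
        else:
            findings.append((n, "UNKNOWN", cmd))
    return findings, have_key, have_cert

# Constructed change plan: the key is erased, a certificate is requested
# before any new key exists, then a default-size key and certificate follow.
PLAN = [
    "crypto key zeroize cert",
    "crypto host-cert generate self-signed",
    "crypto key generate cert",
    "crypto host-cert generate self-signed",
]

if __name__ == "__main__":
    for line, code, detail in audit(PLAN, have_key=True, have_cert=True)[0]:
        print(f"line {line}: {code}: {detail}")
```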
