388Managing Keys and Certificates

Creating Public-Private Key Pairs

To use a self-signed certificate or Certificate Signing Request (CSR) certificate for WSS switch authentication, you must generate a public-private key pair.

To create a public-private key pair, use the following command:

crypto generate key {admin eap ssh webaaa} {512 1024 2048}

Choose the key length based on your need for security or to conform with your organization’s practices. For example, the following command generates an administrative key pair of 1024 bits:

23x0# crypto generate key admin 1024

admin key pair generated

Note. After you generate or install a certificate (described in the following sections), do not create the key pair again. If you do, the certificate might not work with the new key, in which case you will need to regenerate or reinstall the certificate.

320657-A

Page 388
Image 388
Nortel Networks 2300 manual Creating Public-Private Key Pairs, Crypto generate key admin eap ssh webaaa 512 1024