Cisco MDS-9124 Troubleshooting Guide - Page 477
Maximum Limits, Initial Troubleshooting Checklist, Common Troubleshooting Tools in Fabric Manager
Chapter 24 Troubleshooting Digital Certificates

4. Might require manual intervention at the CA server by the CA administrator to approve the enrollment request when it is received by the CA.
5. Receive the issued certificate back from the CA, signed with the CA's private key.
6. Write the certificate into a nonvolatile storage area on the switch (bootflash).

Cisco MDS SAN-OS supports certificate retrieval and enrollment using a manual cut-and-paste method. Cut-and-paste enrollment literally means you must cut and paste the certificate requests and resulting certificates between the switch (using a console, Telnet, or SSH connection) and the CA, as follows:

1. Create an enrollment certificate request, which is displayed in base64-encoded text form.
2. Cut and paste the encoded certificate request text in an e-mail message or in a web form and send it to the CA.
3. Receive the issued certificate (in base64-encoded text form) from the CA in an e-mail message or in a web browser download.
4. Cut and paste the issued certificate to the switch using the certificate import facility.

Maximum Limits

Table 24-1 lists the maximum limits for CAs and digital certificate parameters.

Table 24-1 Maximum Limits for CA and Digital Certificate

Feature                                         Maximum Limit
Trust points declared on a switch               16
RSA key pairs generated on a switch             16
Identity certificates configured on a switch    16
Certificates in a CA certificate chain          10
Trust points authenticated to a specific CA     10

Initial Troubleshooting Checklist

Begin troubleshooting digital certificate issues by checking the following issues first (check off each item):

- Verify that the fully qualified domain name (FQDN) has been configured on the switch.
- Verify that all the CA certificates in a CA chain for a trusted CA are added to the switch if the CA is not self-signed.
- Verify that you have installed your identity certificates.
- Verify that you have revoked your identity certificates if you delete the associated RSA key pairs.

Common Troubleshooting Tools in Fabric Manager

Choose Switches > Security > PKI to access digital certificates.

OL-9285-05 Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x
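
Added example (not from the Cisco guide): cut-and-paste enrollment carries base64 text through e-mail and web forms, where lines can be dropped, quoted, or lose their BEGIN/END markers. The Python code below checks a pasted request or certificate chain for that kind of damage before import and applies the Table 24-1 limit of 10 certificates in a CA chain. It assumes PEM-style BEGIN/END armor lines; constructed_sample, der_is_complete and check_pasted_pem are hypothetical names, and the sample blob is constructed, not a real certificate.

```python
import base64
import binascii
import re

MAX_CHAIN_CERTS = 10  # Table 24-1: certificates in a CA certificate chain
# Assumption: the base64 text is wrapped in PEM-style BEGIN/END armor lines.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def constructed_sample(label="CERTIFICATE"):
    """Constructed input: correct DER framing only, not a real certificate."""
    b64 = base64.b64encode(b"\x30\x81\xc8" + bytes(200)).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def der_is_complete(der):
    """True if der is exactly one SEQUENCE whose length field matches its size."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:  # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F  # long form: n length octets follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_pasted_pem(text, expected_label):
    """Return a list of problems in pasted text; an empty list means it looks intact."""
    blocks = PEM_RE.findall(text)
    if not blocks:
        return ["no complete BEGIN/END block found"]
    problems = []
    if text.count("-----BEGIN ") != len(blocks):
        problems.append("a BEGIN line has no matching END line")
    if expected_label == "CERTIFICATE" and len(blocks) > MAX_CHAIN_CERTS:
        problems.append(f"{len(blocks)} certificates exceeds the chain limit of {MAX_CHAIN_CERTS}")
    for i, (label, body) in enumerate(blocks, 1):
        if label != expected_label:
            problems.append(f"block {i}: label {label!r}, expected {expected_label!r}")
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except (binascii.Error, ValueError):
            problems.append(f"block {i}: body is not valid base64")
            continue
        if not der_is_complete(der):
            problems.append(f"block {i}: DER length mismatch (truncated or extra data)")
    return problems

if __name__ == "__main__":
    print(check_pasted_pem(constructed_sample(), "CERTIFICATE"))  # intact sample
```

An empty result only means the text survived the paste intact; it does not validate the signature or the chain of trust.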