Dell PowerSwitch S4112F-ON SmartFabric OS10 Security Best Practices Guide July - Page 25
Example: Con CDP, Example: Install CRL, Con security profiles, issuer=C=US
View all Dell PowerSwitch S4112F-ON manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 25 highlights
1. Configure the URL for a certificate distribution point in EXEC mode. OS10# crypto cdp add cdp-name cdp-url Verify the CDPs accessed by the switch in EXEC mode. OS10# show crypto cdp [cdp-name] To delete an installed CDP, use the crypto cdp delete cdp-name command. 2. Install CRLs that have been downloaded from CDPs in EXEC mode. OS10# crypto crl install crl-path [crl-filename] Display a list of the CRLs installed on the switch in EXEC mode. OS10# show crypto crl [crl-filename] To delete a manually installed CRL that was configured with the crypto crl install command, use the crypto crl delete [crl-filename] command. Example: Configure CDP OS10# crypto cdp add cert1_cdp http://crl.chambersign.org/chambersignroot.crl Successfully added CDP OS10# show crypto cdp Manually installed CDPs cert1_cdp.crl_url Automatically installed CDPs Example: Install CRL OS10# crypto crl install home://pki-regression/Network_Solutions_Certificate_ Authority.0.crl.pem Processing file ... issuer=C=US,O=Network Solutions L.L.C.,CN=Network Solutions Certificate Authority.0.crl.pem lastUpdate=Jul 7 04:15:08 2019 GMT nextUpdate=Jul 11 04:15:08 2019 GMT OS10# show crypto crl Manually installed CRLs Network_Solutions_Certificate_Authority.0.crl.pem Downloaded CRLs Configure security profiles To use independent sets of security credentials for different OS10 applications, you can configure multiple security profiles and assign them to OS10 applications. A security profile consists of a certificate and private key pair. For example, you can maintain different security profiles for RADIUS over TLS authentication and SmartFabric services. Assign a security profile to an application when you configure the profile. When you install a certificate-key pair, both take the name of the certificate. For example, if you install a certificate using: OS10# crypto cert install cert-file home://Dell_host1.pem key-file home://abcd.key The certificate-key pair is installed as Dell_host1.pem and Dell_host1.key. In configuration commands, enter the pair as Dell_host1. When you configure a security profile, you enter Dell_host1 in the certificate certificate-name command. • Create an application-specific security profile in CONFIGURATION mode. OS10(config)# crypto security-profile profile-name OS10 security best practices 25