Dell PowerSwitch S4112F-ON SmartFabric OS10 Security Best Practices Guide July - Page 25



1. Configure the URL for a certificate distribution point in EXEC mode.
OS10# crypto cdp add cdp-name cdp-url
Verify the CDPs accessed by the switch in EXEC mode.
OS10# show crypto cdp [cdp-name]
To delete an installed CDP, use the crypto cdp delete cdp-name command.
2. Install CRLs that have been downloaded from CDPs in EXEC mode.
OS10# crypto crl install crl-path [crl-filename]
Display a list of the CRLs installed on the switch in EXEC mode.
OS10# show crypto crl [crl-filename]
To delete a manually installed CRL that was configured with the crypto crl install command, use the crypto crl delete [crl-filename] command.
Example: Configure CDP
OS10# crypto cdp add cert1_cdp http://crl.chambersign.org/chambersignroot.crl
Successfully added CDP
OS10# show crypto cdp
--------------------------------------
| Manually installed CDPs |
--------------------------------------
cert1_cdp.crl_url
--------------------------------------
| Automatically installed CDPs |
--------------------------------------
Example: Install CRL
OS10# crypto crl install home://pki-regression/Network_Solutions_Certificate_Authority.0.crl.pem
Processing file ...
issuer=C=US,O=Network Solutions L.L.C.,CN=Network Solutions Certificate Authority.0.crl.pem
lastUpdate=Jul 7 04:15:08 2019 GMT
nextUpdate=Jul 11 04:15:08 2019 GMT
OS10# show crypto crl
--------------------------------------
| Manually installed CRLs |
--------------------------------------
Network_Solutions_Certificate_Authority.0.crl.pem
--------------------------------------
| Downloaded CRLs |
--------------------------------------
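The install output above reports the CRL's lastUpdate and nextUpdate times; a CRL that has passed its nextUpdate is stale and should be replaced with a fresh download from the CDP. The following Python code is an added example, not part of the Dell guide: it parses that output and classifies the CRL at a given time. The function names and the 24-hour warning window are assumptions chosen for illustration.

```python
from datetime import datetime, timezone, timedelta

# Constructed sample: the `crypto crl install` output shown in the example above.
SAMPLE = """\
Processing file ...
issuer=C=US,O=Network Solutions L.L.C.,CN=Network Solutions Certificate Authority.0.crl.pem
lastUpdate=Jul 7 04:15:08 2019 GMT
nextUpdate=Jul 11 04:15:08 2019 GMT
"""

# Timestamp layout used in the output; a space in the format matches any run of spaces.
FMT = "%b %d %H:%M:%S %Y GMT"

def parse_crl_output(text):
    """Extract issuer, lastUpdate and nextUpdate from the install output."""
    fields = {}
    for line in text.splitlines():
        # Split on the first '=' only, so the issuer DN keeps its own '=' signs.
        key, sep, value = line.partition("=")
        if sep and key in ("issuer", "lastUpdate", "nextUpdate"):
            fields[key] = value.strip()
    for key in ("lastUpdate", "nextUpdate"):
        if key not in fields:
            raise ValueError(f"missing {key} in CRL output")
        parsed = datetime.strptime(fields[key], FMT)
        fields[key] = parsed.replace(tzinfo=timezone.utc)
    return fields

def crl_status(text, now, warn=timedelta(hours=24)):
    """Classify the CRL at time `now` (hypothetical helper; `warn` is an assumed threshold)."""
    crl = parse_crl_output(text)
    if now < crl["lastUpdate"]:
        return "not-yet-valid"   # switch clock is behind the CRL issue time
    if now >= crl["nextUpdate"]:
        return "expired"         # stale: install a newer CRL
    if crl["nextUpdate"] - now <= warn:
        return "expiring"        # still valid, but due for refresh soon
    return "current"

if __name__ == "__main__":
    print(crl_status(SAMPLE, datetime.now(timezone.utc)))
```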
Configure security profiles
To use independent sets of security credentials for different OS10 applications, you can configure multiple security profiles and assign them to OS10 applications. A security profile consists of a certificate and private key pair.
For example, you can maintain different security profiles for RADIUS over TLS authentication and SmartFabric services. Assign a security profile to an application when you configure the profile.
When you install a certificate-key pair, both take the name of the certificate. For example, if you install a certificate using:
OS10# crypto cert install cert-file home://Dell_host1.pem key-file home://abcd.key
The certificate-key pair is installed as Dell_host1.pem and Dell_host1.key. In configuration commands, enter the pair as Dell_host1. When you configure a security profile, you enter Dell_host1 in the certificate certificate-name command.
Create an application-specific security profile in CONFIGURATION mode.
OS10(config)# crypto security-profile profile-name