Dell PowerSwitch S4128F-ON OS10 Enterprise Edition User Guide Release 10.4.3.0 - Page 831

70:18:7e:76:66:ca:13:1c:e3:9c:4d:aa:d3:67:96:be:d9:49: 5c:69:10:75:26:53:f7:50:39:06:15:d1:3a:87:47:f6:92:a2: d4:91:35:29:b7:4b:ea:56:4c:13:5e:32:7f:c7:3f:4c:46:67: 54:8d:67:60:38:98:75:da:24:f2:64:b9:24:a1:e3:5b:42:66: 4c:c7:cb:ee:c3:ca:bd:87:1b:7a:fc:35:53:2d:74:68:db:a7: 47:db:03:a3:30:52:af:67:7f:54:a4:de:60:ca:ae:94:43:f8: 98:85:fc:18:9b:b1:db:81:44:57:0b:be:6a:56:9d:2f:7d:75: c2:22:a4:7c:d7:ee:f8:de:10:11:26:60:35:1c:4c:87:2e:a2: fb:1f:5f:30:6c:11:c1:fa:f2:5b:46:02:0a:18:2f:02:a4:99: f2:43:29:cf:e6:5b:8a:d0:ec:42:bf:49:c6:8a:7e:b4:53:38: 03:1b:fd:a9:49:88:b5:f1:42:93:c7:78:38:6c:2a:1c:be:83: 97:27:b1:26:eb:16:44:ce:34:02:53:45:08:30:c9:3a:76:83: 10:f3:af:c7:6f:0c:74:ec:81:ea:d9:c4:20:a5:1d:72:64:52: 7b:e8:30:1a:9e:3a:05:9c:8a:69:e5:b7:43:b3:36:08:f2:e0: fb:88:d9:c1:b6:f4:4a:23:27:31:3a:51:b3:68:c9:6f:3e:f5: dd:98:4d:07:38:ed:f4:d3:ed:06:4c:84:87:3d:cf:f3:2e:e5: 1a:b6:00:71:4c:51:35:c8:95:e4:c6:7e:82:47:d3:25:64:a4: 0b:31:53:d0:e4:6b:97:98:21:4b:fc:e7:12:be:69:01:d8:b5: 74:f5:b6:39:22:8a:8c:39:23:0f:be:4b:0f:9a:01:ac:b8:5b: 12:cb:94:06:30:f5:74:45:20:af:ab:d6:af:21:0c:d8:62:84: 18:c2:cf:4f:be:73:c9:33 Delete CA server certificate OS10# crypto ca-cert delete Dell_rootCA1.crt Successfully removed certificate Request and install host certificates OS10 also supports the switch obtaining its own X.509v3 host certificate. In this procedure, you generate a certificate signing request (CSR) and a private key. Store the private key locally in a secure location. Copy the CSR file to a certificate authority. The CA generates a host certificate for an OS10 switch by digitally signing the switch certificate contained in the CSR. The administrator then copies the CA-signed host certificate to the home directory on the switch. Because a local private key is created when the CSR is generated, it is not necessary to install a private key using an uploaded file. The switch presents its own host certificate to clients that require authentication, such as Syslog and RADIUS servers over TLS and HTTPS connections. The certificate is digitally signed with the private key of the OS10 switch. OS10 supports multiple host certificates so that you can use different certificates with different applications. For more information, see Security profiles. To obtain a host certificate from a CA: 1 Create a private key and generate a certificate signing request for the switch. 2 Copy the CSR file to a CA server. 3 Copy the CA-signed certificate to the home directory on the switch. Install the trusted certificate. Generate a certificate signing request and private key • Create a private key and a CSR in EXEC mode. Store the CSR file in the home directory or flash: so that you can later copy it to a CA server. Specify a keypath to store the device.key file in a secure persistent location, such as the home directory, or use the private option to store the key file in a private hidden location in the internal file system that is not visible to users. crypto cert generate request [cert-file cert-path key-file {private | keypath}] [country 2-letter code] [state state] [locality city] [organization organization-name] [orgunit unit-name] [cname common-name] [email email-address] [validity days] [length length] [altname alt-name] If you enter the cert-file option, you must enter all the following required parameters, such as the local paths where the certificate and private key are stored, country code, state, locality, and other values. Security 831