Dell PowerSwitch S5212F-ON OS10 Enterprise Edition User Guide Release 10.4.3.0 - Page 835
Country Name 2 letter code [US], If you enter
![]() |
View all Dell PowerSwitch S5212F-ON manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 835 highlights
If you do specify the cert-file option, you are prompted to enter the other parameter values for the certificate interactively; for example: You are about to be asked to enter information that will be incorporated in your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank. For some fields there will be a default value; if you enter '.', the field will be left blank. Country Name (2 letter code) [US]: State or Province Name (full name) [Some-State]:California Locality Name (eg, city) []:San Francisco Organization Name (eg, company) []:Starfleet Command Organizational Unit Name (eg, section) []:NCC-1701A Common Name (eg, YOUR name) [hostname]:S4148-001 Email Address []:[email protected] The switch uses SHA-256 as the digest algorithm. The public key algorithm is RSA with a 2048-bit modulus. NOTE: When using self-signed X.509v3 certificates with Syslog and RADIUS servers, configure the server to accept self-signed certificates. Syslog and RADIUS servers require mutual authentication, which means that the client and server must verify each other's certificates. The best practice is to configure a CA server to sign certificates for all trusted devices in the network. Install self-signed certificate • Install a self-signed certificate and key file in EXEC mode. crypto cert install cert-file home://cert-filename key-file {key-path | private} [password passphrase] [fips] - cert-file cert-path specifies a source location for a downloaded certificate; for example, home://s4048-001cert.pem or usb://s4048-001-cert.pem. - key-file {key-path | private} specifies the local path to retrieve the downloaded or locally generated private key. Enter private to install the key from a local hidden location and rename the key file with the certificate name. - password passphrase specifies the password used to decrypt the private key if it was generated using a password. - fips installs the certificate-key pair as FIPS-compliant. Enter fips to install a certificate-key pair that is used by a FIPS-aware application, such as RADIUS over TLS. If you do not enter fips, the certificate-key pair is stored as a non-FIPS compliant pair. NOTE: You determine if the certificate-key pair is generated as FIPS-compliant. Make sure that FIPS-compliant certificate-key pairs are not used outside of FIPS mode. - If you enter fips after using the key-file private option in the crypto cert generate request command, a FIPScompliant private key is stored in a hidden location in the internal file system that is not visible to users. If the certificate installation is successful, the file name of the self-signed certificate and its common name are displayed. Use the file name to configure the certificate in a security profile (crypto security-profile command). Example: Generate and install self-signed certificate and key OS10# crypto cert generate self-signed cert-file home://DellHost.pem key-file home:// DellHost.key email [email protected] length 1024 altname DNS:dell.domain.com validity 365 Processing certificate ... Successfully created certificate file /home/admin/DellHost.pem and key OS10# crypto cert install cert-file home://DellHost.pem key-file home://DellHost.key Processing certificate ... Certificate and keys were successfully installed as "DellHost.pem" that may be used in a security profile. CN = DellHost. Display self-signed certificate OS10# show crypto cert Installed non-FIPS certificates DellHost.pem Security 835
![](/manual_guide/products/dell-powerswitch-s3048on-os10-enterprise-edition-user-guide-release-10430-cc9d5f5/835.png)