crypto key generate rsa
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
crypto key generate rsa
To generate an RSA key pair, use the crypto key generate rsa command in configuration mode.
Syntax Description
label key-pair-label
exportable
modulus key-pair-size
Defaults
By default, the key is not exportable.
The default label is switch FQDN.
The default modulus is 512.
Command Modes
Configuration mode.
Command History
Release
3.0(1)
Usage Guidelines
You can generate one or more RSA key pairs and associate each RSA key pair with a distinct trust point
CA, where the MDS switch enrolls to obtain identity certificates. The MDS switch needs only one
identity per CA, which consists of one key pair and one identity certificate.
Cisco MDS SAN-OS allows you to generate RSA key pairs with a configurable key size (or modulus).
The default key size is 512. Valid modulus values are 512, 768, 1024, 1536, and 2048.
You can also configure an RSA key pair label. The default key pair label is FQDN.
Examples
The following example shows how to configure an RSA key pair called newkeypair.
switch# config terminal
switch(config)# crypto key generate rsa label newkeypair
The following example shows how to configure an RSA key pair called testkey, of size 768, that is
exportable.
switch# config terminal
switch(config)# crypto key generate rsa label testkey exportable modulus 768
Cisco MDS 9000 Family Command Reference
4-124
crypto key generate rsa [label key-pair-label] [exportable] [modulus key-pair-size]
Modification
This command was introduced.
Specifies the name of the key pair. The maximum size is 64 characters.
Configures the key pair to be exportable.
Specifies the size of the key pair. The size ranges from 512 to 2048.
Chapter 4
C Commands
OL-8413-07, Cisco MDS SAN-OS Release 3.x