Configuring Certificate Authorities and Digital Certificates
Example
Note
After you delete RSA key-pairs from a switch, ask the CA administrator to revoke your switch's
certificates at the CA. You must supply the challenge password you created when you originally
requested the certificates. See
Displaying Key-Pair and CA Information
To view key-pair and CA information, use the following commands in EXEC mode:
Command
switch# show crypto key mypubkey rsa
switch# show crypto ca certificates
switch# show crypto ca crl
switch# show crypto ca trustpoints
Example Configurations
This section shows an example of the tasks you can use to configure certificates and CRLs on the Cisco MDS
9000 Family switches using the Microsoft Windows Certificate server.
This section includes the following topics:
Configuring Certificates on the MDS Switch
To configure certificates on an MDS switch, follow these steps:
Procedure
Step 1
Configure the switch FQDN.
switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
switch(config)# switchname Vegas-1
Vegas-1(config)#
Step 2
Configure the DNS domain name for the switch.
Vegas-1(config)# ip domain-name cisco.com
Vegas-1(config)#
Step 3
Create a trust point.
Generating Certificate Requests, on page
Purpose
Displays information about the switch's RSA public keys.
Displays information on CA and identity certificates.
Displays information about CA CRLs.
Displays information about CA trust points.
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
Displaying Key-Pair and CA Information
125.
131