Configuring CAs and Digital Certificates
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
•
•
•
•
Configuring the Host Name and IP Domain Name
You must configure the host name and IP domain name of the switch if they are not already configured.
This is required because switch FQDN is used as the subject in the identity certificate. Also, the switch
FQDN is used as a default key label when none is specified during key-pair generation. For example, a
certificate named SwitchA.example.com is based on a switch host name of SwitchA and a switch IP
domain name of example.com.
Changing the host name or IP domain name after generating the certificate can invalidate the certificate.
Caution
To configure the host name and IP domain name of the switch, follow these steps:
Command
Step 1
switch# config terminal
switch(config)#
Step 2
switch(config)# hostname SwitchA
Step 3
SwitchA(config)# ip domain-name example.com
Generating an RSA Key-Pair
RSA key-pairs are used to sign and/or encrypt and decrypt the security payload during security protocol
exchanges for applications such as IKE/IPsec and SSH, and they are required before you can obtain a
certificate for your switch.
Cisco MDS 9000 Family CLI Configuration Guide
36-6
Generating Certificate Requests, page 36-10
Installing Identity Certificates, page 36-11
Ensuring Trust Point Configurations Persist Across Reboots, page 36-12
Monitoring and Maintaining CA and Certificates Configuration, page 36-13
Chapter 36
Configuring Certificate Authorities and Digital Certificates
Purpose
Enters configuration mode.
Configures the host name (SwitchA) of the switch.
Configures the IP domain name (example.com) of
the switch.
OL-18084-01, Cisco MDS NX-OS Release 4.x