hit counter script

Configuring A Crl; Deleting Certificates From The Ca Configuration - Cisco AP776A - Nexus Converged Network Switch 5020 Configuration Manual

Cisco mds 9000 family cli configuration guide - release 4.x (ol-18084-01, february 2009)
Hide thumbs Also See for AP776A - Nexus Converged Network Switch 5020:
Table of Contents

Advertisement

Configuring CAs and Digital Certificates
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m

Configuring a CRL

To import the CRL from a file to a trust point, follow these steps:
Command
Step 1
switch# copy tftp:adminca.crl
bootflash:adminca.crl
Step 2
switch# config terminal
switch(config)#
Step 3
switch(config)# crypto ca crl request admin-ca
bootflash:adminca.crl

Deleting Certificates from the CA Configuration

You can delete the identity certificates and CA certificates that are configured in a trust point. You must
first delete the identity certificate, followed by the CA certificates. After deleting the identity certificate,
you can disassociate the RSA key-pair from a trust point. The certificate deletion is necessary to remove
expired or revoked certificates, certificates whose key-pairs are compromised (or suspected to be
compromised) or CAs that are no longer trusted.
To delete the CA certificate (or the entire chain in the case of a subordinate CA) from a trust point, follow
these steps:
Command
Step 1
switch# config t
switch(config)#
Step 2
switch(config)# crypto ca trustpoint myCA
Step 3
switch(config-trustpoint)# delete
ca-certificate
Step 4
switch(config-trustpoint)# delete certificate
switch(config-trustpoint)# delete certificate
force
Step 5
switch(config-trustpoint)# end
switch#
Step 6
switch# copy running-config startup-config
Cisco MDS 9000 Family CLI Configuration Guide
36-14
Chapter 36
Configuring Certificate Authorities and Digital Certificates
Purpose
Downloads the CRL.
Enters configuration mode.
Configures or replaces the current CRL
with the one specified in the file.
Purpose
Enters configuration mode.
Enters trustpoint configuration submode.
Deletes the CA certificate or certificate chain.
Deletes the identity certificate.
Forces the deletion of the identity certificate.
Note
If the identity certificate being deleted
is the last-most or only identity
certificate in the device, you must use
the force option to delete it. This
ensures that the administrator does not
mistakenly delete the last-most or only
identity certificate and leave the
applications (such as IKE and SSH)
without a certificate to use.
Returns to EXEC mode.
Copies the running configuration to the startup
configuration to ensure the configuration is
persistent across reboots.
OL-18084-01, Cisco MDS NX-OS Release 4.x

Hide quick links:

Advertisement

Table of Contents
loading

Table of Contents