Chapter 12
Configuring Certificates
Step 2  (Optional) To view key pair(s), enter the following command:
hostname/contexta(config)# show crypto key mypubkey
The following is sample output from the show crypto key mypubkey command:
Key pair was generated at: 16:39:47 central Feb 10 2009
Key name: <Default-RSA-Key>
Usage: General Purpose Key
Modulus Size (bits): 1024
Key Data:
30819f30 0d06092a 864886f7 0d010101 05000381 8d003081 89028181 00ea51b7
0781848f 78bccac2 4a1b5b8d 2f3e30b4 4cae9f86 f4485207 159108c9 f5e49103
9eeb0f5d 45fd1811 3b4aafce 292b3b64 b4124a6f 7a777b08 75b88df1 8092a9f8
5508e9e5 2c271245 7fd1c0c3 3aaf1e04 c7c4efa4 600f4c4a 6afe56ad c1d2c01c
e08407dd 45d9e36e 8cc0bfef 14f9e6ac eca141e4 276d7358 f7f50d13 79020301 0001
Key pair was generated at: 16:34:54 central Feb 10 2005
Step 3  Save the key pair that you have generated. To do so, save the running configuration by entering the following command:
hostname(config)# write memory
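The following Python script is an added example, not part of the Cisco guide. It decodes the Key Data from the sample show crypto key mypubkey output above (a DER-encoded RSA public key) and checks that the reported modulus size matches the key itself. MIN_BITS and the function names are assumptions made for this illustration.

```python
import re
from itertools import takewhile

# Sample output reproduced from the page; MIN_BITS is an assumed audit threshold.
SAMPLE = """\
Key name: <Default-RSA-Key>
Usage: General Purpose Key
Modulus Size (bits): 1024
Key Data:
30819f30 0d06092a 864886f7 0d010101 05000381 8d003081 89028181 00ea51b7
0781848f 78bccac2 4a1b5b8d 2f3e30b4 4cae9f86 f4485207 159108c9 f5e49103
9eeb0f5d 45fd1811 3b4aafce 292b3b64 b4124a6f 7a777b08 75b88df1 8092a9f8
5508e9e5 2c271245 7fd1c0c3 3aaf1e04 c7c4efa4 600f4c4a 6afe56ad c1d2c01c
e08407dd 45d9e36e 8cc0bfef 14f9e6ac eca141e4 276d7358 f7f50d13 79020301 0001
"""
MIN_BITS = 2048
HEX_LINE = re.compile(r"[0-9a-fA-F ]+")


def read_tlv(buf, pos, tag):
    """Read one DER element with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected DER tag {tag:#04x} at offset {pos}")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element (incomplete Key Data?)")
    return buf[pos:pos + length], pos + length


def audit_key(output):
    """Decode Key Data and compare it with the reported modulus size."""
    reported = int(re.search(r"Modulus Size \(bits\):\s*(\d+)", output).group(1))
    lines = output.split("Key Data:", 1)[1].strip().splitlines()
    hex_text = "".join(takewhile(HEX_LINE.fullmatch, (l.strip() for l in lines)))
    der = bytes.fromhex(hex_text.replace(" ", ""))
    spki, _ = read_tlv(der, 0, 0x30)        # SubjectPublicKeyInfo
    _, pos = read_tlv(spki, 0, 0x30)        # AlgorithmIdentifier (skipped)
    bits, _ = read_tlv(spki, pos, 0x03)     # BIT STRING; byte 0 = unused bits
    rsa, _ = read_tlv(bits[1:], 0, 0x30)    # RSAPublicKey ::= SEQUENCE { n, e }
    n_raw, pos = read_tlv(rsa, 0, 0x02)
    e_raw, _ = read_tlv(rsa, pos, 0x02)
    size = int.from_bytes(n_raw, "big").bit_length()
    return {"reported_bits": reported, "actual_bits": size,
            "exponent": int.from_bytes(e_raw, "big"),
            "consistent": reported == size, "below_minimum": size < MIN_BITS}
```

Calling audit_key(SAMPLE) returns a dictionary with the decoded modulus size, the public exponent, and the two check results.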
Removing Key Pairs
To remove key pairs, enter the following command:
hostname(config)# crypto key zeroize rsa
The following is sample output from the crypto key zeroize rsa command:
WARNING: All RSA keys will be removed.
WARNING: All device certs issued using these keys will also be removed.
Do you really want to remove these keys? [yes/no] y
Establishing AAA Authentication
To establish AAA authentication for traffic on which you want to perform cut-through-proxy
authentication, perform the following steps:
Step 1  Enter either one of the following commands:
hostname(config)# aaa authentication match
hostname(config)# aaa authentication include
For the aaa authentication match command, you can use TACACS+ or RADIUS user accounting, or
the local IP address of the host or network of hosts that you want to be authenticated or authorized on a
server designated by the aaa-server command.
For the aaa authentication include command, you can use only TACACS+ or RADIUS user accounting
to be authenticated or authorized on a server designated by the aaa-server command.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
Certificate Configuration