User's Manual

Catalyst 6500 Series Switch WebVPN Module Command Reference—Release 1.1
OL-7310-01
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module
crypto key generate
To generate RSA key pairs, use the crypto key generate command.
crypto key generate rsa {usage-keys|general-keys} {label key-label} [exportable] [modulus size]
Syntax Description
general-keys      Generate a general-purpose RSA key pair for signing and encryption.
usage-keys        Generate separate RSA key pairs for signing and encryption.
label key-label   Specifies the key.
exportable        (Optional) Specifies that the key is allowed to be exported.
modulus size      (Optional) Specifies the modulus length in bits; valid values are 512, 768,
                  1024, 1536, and 2048 bits. See the “Usage Guidelines” section for more
                  information.

Defaults This command has no default settings.

Command Modes Global configuration

Command History
Release                              Modification
WebVPN Services Module Release 1.1   Support for this command was introduced on the Catalyst 6500
                                     series switches.

Usage Guidelines The WebVPN Services Module supports up to eight levels of certificate authority (one root certificate
authority and up to seven subordinate certificate authorities).
You can specify that a key is exportable during key generation. Once the key is generated as either
exportable or not exportable, it cannot be modified for the life of the key.
Note The WebVPN Services Module supports modulus lengths of 512, 768, 1024, 1536, and 2048 bits.
Although you can specify 512 or 768, we recommend a minimum modulus length of 1024. A longer
modulus takes longer to generate and takes longer to use, but it offers better security.
After you generate a key pair, you can test the SSL service by generating a self-signed certificate.
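
The following is an added example, not part of the Cisco command reference: a Python check that parses command lines against the syntax shown above and flags modulus sizes outside the supported set or below the recommended minimum of 1024 bits, as well as keys generated as exportable. The key labels and the sample log are constructed for illustration, and the function names are this example's own.

```python
import re

# Values taken from the command reference above.
SUPPORTED_MODULI = {512, 768, 1024, 1536, 2048}
RECOMMENDED_MIN = 1024  # the page's stated minimum; site policy may set this higher

# crypto key generate rsa {usage-keys|general-keys} {label key-label} [exportable] [modulus size]
CMD_RE = re.compile(
    r"^\s*crypto key generate rsa\s+(?P<kind>usage-keys|general-keys)"
    r"\s+label\s+(?P<label>\S+)"
    r"(?P<exportable>\s+exportable)?"
    r"(?:\s+modulus\s+(?P<modulus>\d+))?\s*$"
)

def audit_line(line, min_bits=RECOMMENDED_MIN):
    """Return (label, findings) for one command line, or None if the line
    is not a well-formed 'crypto key generate rsa' command."""
    m = CMD_RE.match(line)
    if m is None:
        return None
    findings = []
    if m["modulus"] is None:
        findings.append("modulus not specified")
    else:
        bits = int(m["modulus"])
        if bits not in SUPPORTED_MODULI:
            findings.append(f"unsupported modulus {bits}")
        elif bits < min_bits:
            findings.append(f"modulus {bits} below minimum {min_bits}")
    if m["exportable"]:
        findings.append("exportable (cannot be changed for the life of the key)")
    return m["label"], findings

def audit(text, min_bits=RECOMMENDED_MIN):
    """Audit every matching line in a command log; returns {label: findings}."""
    results = {}
    for line in text.splitlines():
        parsed = audit_line(line, min_bits)
        if parsed:
            results[parsed[0]] = parsed[1]
    return results

# Constructed sample input (labels are made up for this example).
SAMPLE = """\
crypto key generate rsa general-keys label portal-a modulus 2048
crypto key generate rsa general-keys label portal-b exportable modulus 768
crypto key generate rsa usage-keys label portal-c modulus 4096
"""

if __name__ == "__main__":
    for label, findings in audit(SAMPLE).items():
        print(label, "->", findings or ["ok"])
```

Pass min_bits=2048 to audit() to apply a stricter policy than the recommendation on this page.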