Concept Guide

ManualsBrandsDell ManualsAccess PlatformsC9010 Modular Chassis Switch

1177

crypto ca-cert install {path}

Information about Creating Certicate Signing

Requests (CSR)

Certicate Signing Request (CSR) enables a device to get a X.509v3 certicate from a CA.

In order for a device to get a X.509v3 certicate, the device rst requests a certicate from a CA through a Certicate Signing Request

(CSR). While creating a CSR, you need to provide the information about the certicate and the private key details. Dell Networking OS

enable you to create a private key and a CSR for a device using a single command.

NOTE: For the procedure on creating CSRs, see Creating Certicate Signing Requests (CSRs).

If you do not specify the cert-le option, the system prompts you to enter metadata information related to the CSR as follows:

You are about to be asked to enter information that will be incorporated into your certificate

request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank.

For some fields there will be a default value; if you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [US]:

State or Province Name (full name) [Some-State]:California

Locality Name (eg, city) []:San Francisco

Organization Name (eg, company) []:Starfleet Command

Organizational Unit Name (eg, section) []:NCC-1701A

Common Name (eg, YOUR name) [hostname]:S4810-001

Email Address []:scotty@starfleet.com

The system uses SHA-256 as the digest algorithm and the public key algorithm is RSA with a 2048-bit modulus. The KeyUsage bits of the

certicate assert keyEncipherment (bit 2) and keyAgreement (bit 4). The keyCertSign bit (bit 5) is NOT be set. The ExtendedKeyUsage

elds indicate serverAuth and clientAuth.

The “CA:FALSE” is set in the Extensions section of the certicate. The certicate is NOT used to validate other certicates. The CSR is

then copied out to the CA server. It can be copied from ash to a destination like usbash, tftp, ftp, or SCP.

The CA server signs the CSR with its private key. The CA server then makes the signed certicate available for the requesting device to

download and install.

Creating Certicate Signing Requests (CSR)

To create a private key and CSR, perform the following step:

In global conguration mode, enter the following command:

crypto cert generate {self-signed | request} [cert-file cert-path key-file {private | key-

path}] [country 2-letter code] [state state] [locality city] [organization organization-name]

[orgunit unit-name] [cname common-name] [email email-address] [validity days] [length length]

[altname alt-name]

You must specify the following parameters for this command:

• Certicate File

• Private Key

• Country Name

• State or Province Name

• Locality Name

1182

X.509v3