Manualshelf

Setup Guide

ManualsBrandsDell ManualsAccess PlatformsC9010 Modular Chassis Switch
1177117811791180118111821183118411851186
Organization Name
Organization Unit Name
Common Name
Email address
Validity
Length
Alternate Name
NOTE: The command contains multiple options with the Common Name being a required eld and blanks being lled in
for unspecied elds.
Information about installing trusted certicates
Dell Networking OS also enables you to install a trusted certicate. The system can then present this certicate for authentication to
clients such as SSH and HTTPS.
This trusted certicate is also presented to the TLS server implementations that require client authentication such as Syslog. The
certicate is digitally signed with the private key of a CA server.
You can download the trusted certicate for a device from ash, usbash, tftp, ftp, or scp. This certicate is stored in the BSD le system
and can be used to authenticate the switch to clients.
Installing trusted certicates
To install a trusted certicate, perform the following step:
In global conguration mode, enter the following command:
crypto cert inatall {path}
Transport layer security (TLS)
Transport Layer Security (TLS) provides cryptographic protection for TCP-based application protocols.
In Dell Networking OS, TLS already protects secure HTTP for the REST and HTTPD server implementations.
NOTE
: There are three modern versions of the TLS protocol: 1.0, 1.1, and 1.2. Older versions are called “SSL” v1, v2, and v3, and
should not be supported.
The TLS protocol implementation in Dell Networking OS takes care of the following activities:
Session negotiation and shutdown
Protocol Version
Cryptographic algorithm selection
Session resumption and renegotiation
Certicate revocation checking, which may be accomplished through OCSP
When operating in FIPS mode, the system is restricted to only the TLS 1.2 protocol version and support the following cipher suites in line
with the NIST SP800-131A Rev 1 policy document—published July 2015:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA256
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
TLS_DH_RSA_WITH_AES_256_CBC_SHA256
TLS_DH_RSA_WITH_AES_128_CBC_SHA256
X.509v3
1183