API Guide

1. Configure the URL for a certificate distribution point in EXEC mode.
crypto cdp add cdp-name cdp-url
Verify the CDPs accessed by the switch in EXEC mode.
show crypto cdp [cdp-name]
To delete an installed CDP, use the crypto cdp delete cdp-name command.
2. Install CRLs that have been downloaded from CDPs in EXEC mode.
crypto crl install crl-path [crl-filename]
Display a list of the CRLs installed on the switch in EXEC mode.
show crypto crl [crl-filename]
To delete a manually installed CRL that was configured with the crypto crl install command, use the crypto crl delete [crl-filename] command.
To enable CRL checking on the switch, see Security profiles.
Example: Configure CDP
OS10# crypto cdp add cert1_cdp http://crl.chambersign.org/chambersignroot.crl
Successfully added CDP
OS10# show crypto cdp
--------------------------------------
| Manually installed CDPs |
--------------------------------------
cert1_cdp.crl_url
--------------------------------------
| Automatically installed CDPs |
--------------------------------------
Example: Install CRL
OS10# crypto crl install home://pki-regression/Network_Solutions_Certificate_Authority.0.crl.pem
Processing file ...
issuer=C=US,O=Network Solutions L.L.C.,CN=Network Solutions Certificate
Authority.0.crl.pem
lastUpdate=Jul 7 04:15:08 2019 GMT
nextUpdate=Jul 11 04:15:08 2019 GMT
OS10# show crypto crl
--------------------------------------
| Manually installed CRLs |
--------------------------------------
Network_Solutions_Certificate_Authority.0.crl.pem
--------------------------------------
| Downloaded CRLs |
--------------------------------------
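The install output above reports the CRL's lastUpdate and nextUpdate times. A CRL past its nextUpdate no longer reflects current revocations, so it is worth checking that window before and after installation. The following is an added example, not Dell code: it parses output in that layout and classifies the CRL's freshness. The function names, the placeholder issuer, the 24-hour warning threshold, and the OpenSSL convention that an absent nextUpdate prints as NONE are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in the layout of the install output shown above
# (issuer is a placeholder; the timestamps are the ones from the example).
SAMPLE_OUTPUT = """\
Processing file ...
issuer=C=US,O=Example Org,CN=Example Issuing CA
lastUpdate=Jul 7 04:15:08 2019 GMT
nextUpdate=Jul 11 04:15:08 2019 GMT
"""


def parse_time(value):
    """Parse an OpenSSL-style timestamp such as 'Jul  7 04:15:08 2019 GMT'."""
    text = " ".join(value.split())  # collapse the padding before 1-digit days
    if not text.endswith(" GMT"):
        raise ValueError(f"unexpected timestamp: {value!r}")
    stamp = datetime.strptime(text[:-4], "%b %d %H:%M:%S %Y")
    return stamp.replace(tzinfo=timezone.utc)


def parse_crl_fields(output):
    """Extract issuer, lastUpdate and nextUpdate from the install output."""
    fields = {}
    for line in output.splitlines():
        key, sep, value = line.partition("=")
        if sep and key in ("issuer", "lastUpdate", "nextUpdate"):
            fields[key] = value.strip()
    if "issuer" not in fields or "lastUpdate" not in fields:
        raise ValueError("output is missing issuer or lastUpdate")
    return fields


def crl_status(output, now, warn_before=timedelta(hours=24)):
    """Classify a CRL by its validity window relative to `now` (aware UTC)."""
    fields = parse_crl_fields(output)
    if now < parse_time(fields["lastUpdate"]):
        return "not-yet-valid"  # clock skew or a post-dated CRL
    next_update = fields.get("nextUpdate", "NONE")
    if next_update == "NONE":
        return "no-next-update"  # staleness cannot be judged from the file
    expiry = parse_time(next_update)
    if now >= expiry:
        return "expired"
    return "expiring-soon" if expiry - now <= warn_before else "fresh"


if __name__ == "__main__":
    print(crl_status(SAMPLE_OUTPUT, datetime.now(timezone.utc)))
```
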
Request and install host certificates
An OS10 switch can also obtain its own X.509v3 host certificate. In this procedure, you generate a certificate signing
request (CSR) and a private key. Store the private key locally in a secure location. Copy the CSR file to a certificate authority (CA).
The CA generates a host certificate for the OS10 switch by digitally signing the switch certificate contained in the CSR.
The administrator then copies the CA-signed host certificate to the home directory on the switch. Because a local private key is
created when the CSR is generated, it is not necessary to install a private key from an uploaded file.