Users Guide

ManualsBrandsDell ManualsAccess PlatformsOS9

1711

crypto cert install

Installs a trusted certificate on a device.

Syntax

crypto cert install cert-file cert-path key-file {key-path | private}

[password passphrase]

Parameters

cert-file Enter the keyword cert-file to specify that the certificate needs to be

downloaded.

cert-path

Enter the path where the certificate is locally stored. The path can be a full path or

a relative path. If the system accepts this path, a notification is sent indicating the

location where the certificate file is stored. Following are example of a path that

you can specify: flash://certs/s4810-001-request.crtand

usbflash:/certs/s4810-001-cert.pem

NOTE: Before installing a trusted certificate, you first need to download it

from a remote CA using the copy command.

key-file Enter the keyword key-file to specify the private key.

private Enter the keyword private to specify that the key is stored in a hidden location in

the NVRAM. Only one private key can exist in a hidden location at any given point

in time.

key-path

Enter the absolute or relative location on the device where the key is stored.

NOTE: After the certificate is successfully installed, the private key is deleted

from the specified location and copied to the hidden location in NVRAM.

password

passphrase

(Optional) Enter the keyword password followed by the password phrase used to

decrypt the private key.

NOTE: You can generate the private key and certificate on another host. While

doing so, you must keep the private key encrypted with a passphrase so that

the private key is not compromised during transport. The password phrase acts

a facility to decrypt the private key before installing it on the switch.

Defaults NA.

Command Modes EXEC Privilege

Command

History

This guide is platform-specific. For command information about other platforms, see the relevant Dell

EMC Networking OS Command Line Reference Guide.

The following is a list of the Dell EMC Networking OS version history for this command.

Version Description

9.11.0.0 Introduced the command.

Usage

Information

The following RBAC roles are allowed to issue this command:

● sysadmin

● secadmin

Certain parameters must be met in order for this command to succeed:

● The downloaded certificate should be formatted properly.

● In order for verification to work, the CA certificate must be installed on the system before running this

command.

● The downloaded certificate’s public key must correspond to the private key.

● If the certificate is not self-signed, then the CA certificate (from the CA that has signed the

certificate) must be installed on the system prior to running this command for verification to work.

NOTE: It is possible for the switch to store two types of certificates: one for the FIPS mode and one

for the non-FIPS mode. If the system is in FIPS mode, the certificate is installed as the FIPS

X.509v3 1719