Administrator Guide

If you do not specify the cert-le option, the system prompts you to enter metadata information related to the CSR as follows:
You are about to be asked to enter information that will be incorporated into your certificate
request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank.
For some fields there will be a default value; if you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:San Francisco
Organization Name (eg, company) []:Starfleet Command
Organizational Unit Name (eg, section) []:NCC-1701A
Common Name (eg, YOUR name) [hostname]:S4810-001
Email Address []:scotty@starfleet.com
The switch uses SHA-256 as the digest algorithm and the public key algorithm is RSA with a 2048-bit modulus. The KeyUsage bits of the
certificate assert keyEncipherment (bit 2) and keyAgreement (bit 4). The keyCertSign bit (bit 5) is NOT set. The
ExtendedKeyUsage fields indicate serverAuth and clientAuth.
The attribute CA:FALSE is set in the Extensions section of the certificate. The certificate is NOT used to validate other certificates. The
CSR is then copied out to the CA server. It can be copied from flash to a destination like usbflash, TFTP, FTP, or SCP.
The CA server signs the CSR with its private key. The CA server then makes the signed certificate available for the requesting device to
download and install.
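The KeyUsage bit numbers above follow the ASN.1 convention, in which bit 0 is the most significant bit of the first payload byte. The following Python sketch is an added example, not part of the original guide or the switch software: it decodes a DER-encoded KeyUsage BIT STRING and reports any deviation from the profile described above. The function names and sample byte strings are constructed for illustration.

```python
# Added example: decode a DER-encoded KeyUsage BIT STRING and compare it with
# the profile the guide describes. Names and sample bytes are constructed.

# Named bits in ASN.1 order: index in this list == KeyUsage bit number.
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly",
]
REQUIRED = {"keyEncipherment", "keyAgreement"}   # bits 2 and 4, per the guide
FORBIDDEN = {"keyCertSign"}                      # bit 5 must not be set


def decode_key_usage(der: bytes) -> set:
    """Return the names of the bits asserted in a DER BIT STRING."""
    if len(der) < 4 or der[0] != 0x03:
        raise ValueError("not a non-empty DER BIT STRING")
    if der[1] & 0x80 or der[1] != len(der) - 2:
        raise ValueError("length octet does not match the value")
    unused, payload = der[2], der[3:]
    if unused > 7:
        raise ValueError("invalid unused-bit count")
    total_bits = len(payload) * 8 - unused
    asserted = set()
    for bit in range(min(total_bits, len(KEY_USAGE_BITS))):
        # Bit 0 is the MOST significant bit of the first payload byte.
        if payload[bit // 8] & (0x80 >> (bit % 8)):
            asserted.add(KEY_USAGE_BITS[bit])
    return asserted


def check_profile(der: bytes) -> list:
    """List deviations from the profile; an empty list means it matches."""
    usages = decode_key_usage(der)
    problems = [f"missing {name}" for name in sorted(REQUIRED - usages)]
    problems += [f"unexpected {name}" for name in sorted(FORBIDDEN & usages)]
    return problems


# Constructed samples: tag 0x03, length, unused-bit count, bit payload.
SWITCH_STYLE_KU = bytes.fromhex("03020328")  # bits 2 and 4
CA_STYLE_KU = bytes.fromhex("03020106")      # bits 5 and 6

if __name__ == "__main__":
    for label, der in (("switch-style", SWITCH_STYLE_KU), ("CA-style", CA_STYLE_KU)):
        print(label, sorted(decode_key_usage(der)), check_profile(der) or "matches")
```

The unused-bit count in the third octet matters: DER strips trailing zero bits, so the same usages can never be read by treating the payload as a plain little-endian bitmask.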
Creating Certicate Signing Requests (CSR)
To create a private key and CSR, perform the following step:
In global conguration mode, enter the following command:
crypto cert generate {self-signed | request} [cert-file cert-path key-file {private | key-path}]
[country 2-letter code] [state state] [locality city] [organization organization-name]
[orgunit unit-name] [cname common-name] [email email-address] [validity days] [length length]
[altname alt-name]
You must specify the following parameters for this command:
Certicate File
Private Key
Country Name
State or Province Name
Locality Name
Organization Name
Organization Unit Name
Common Name
Email address
Validity
Length
Alternate Name