Connectivity Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4048-ON

821

822

823

824

825

826

827

828

829

830

3 OS10 switches generate private keys and create CSRs using the crypto cert generate request command. A switch uploads

a CSR to an intermediate CA. To store the private key in a local hidden location, Dell EMC Networking recommends using the key-

file private

parameter with the command.

4 Download and install a CA certicate on a host using the crypto ca-cert install command. After you install a CA certicate,

a host trusts any certicates that are signed by the CA and presented by other network devices. You must rst download a certicate

to the home directory, and then install the certicate using the crypto ca-cert install command.

5 Download and install a signed host certicate and private key from an intermediate CA on an OS10 switch. Then install them using the

crypto cert install command. After you install the host certicate, OS10 applications use the certicate to secure

communication with network devices. The private key is installed in the internal le system on the switch and cannot be exported or

viewed.

Manage CA certicates

OS10 supports the download and installation of public X.509v3 certicates from external certicate authorities.

In a data center environment, trusted CA servers can create CA certicates. A host operates as a trusted CA server. Network hosts install

certicates that are digitally signed with the CA's private key to establish trust between participating devices in the network. The certicate

on an OS10 switch is used to verify the certicates presented by clients and servers, such as Syslog and RADIUS servers, to establish a

secure connection with these devices.

To import a CA server certicate:

1 Use the copy command to download an X.509v3 certicate created by a CA server using a secure method, such as HTTPS, SCP, or

SFTP. Copy a CA certicate to the local directory on the switch, such as

home:// or usb://.

2 Use the crypto ca-cert install command to install the certicate. When you install a CA certicate, specify the local path

where the certicate is stored.

The switch veries the certicate and installs it in an existing directory of trusted certicates in PEM format.

Install CA certicate

• Install a CA certicate in EXEC mode.

crypto ca-cert install ca-cert-filepath [filename]

– ca-cert-filepath species the local path to the downloaded certicate; for example, home://CAcert.pem or usb://CA-

cert.pem.

– filename species an optional lename that the certicate is stored under in the OS10 trust-store directory. Enter the lename in

the filename.crt format.

Example: Download and install CA certicate

OS10# copy scp:///tftpuser@10.11.178.103:/tftpboot/certs/Dell_rootCA1.pem home://

Dell_rootCA1.pem

password:

OS10# crypto ca-cert install home://Dell_rootCA1.pem

Processing certificate ...

Installed Root CA certificate

CommonName = Dell_rootCA1

IssuerName = Dell_rootCA1

Display CA server certicate

OS10# show crypto ca-certs

--------------------------------------

| Locally installed certificates |

--------------------------------------

Dell_rootCA1.crt

OS10# show crypto ca-certs Dell_rootCA1.crt

Certificate:

Data:

Security

829