Connectivity Guide

If you enter fips after using the key-file private option in the crypto cert generate request command, a FIPS-compliant private key is stored in a hidden location in the internal file system that is not visible to users.
If the certificate installation is successful, the file name of the host certificate and its common name are displayed. Use the filename to configure the certificate in a security profile (crypto security-profile command).
Example: Generate CSR and upload to server
OS10# crypto cert generate request cert-file home://DellHost.pem key-file home://DellHost.key email admin@dell.com length 1024 altname DNS:dell.domain.com
Processing certificate ...
Successfully created CSR file /home/admin/DellHost.pem and key
OS10# copy home://DellHost.pem scp:///tftpuser@10.11.178.103:/tftpboot/certs/DellHost.pem
password:
Host certicate tip
When administering a large number of switches, you may choose to not generate numerous CSRs for all switches. An alternate method to
installing a host certicate on each switch is to generate both the private key le and CSR oine; for example, on the CA server. The CSR
is signed by the CA, which generates both a certicate and key le. You then copy the trusted certicate and key le to the switch using
the copy command and install them using the crypto cert install cert-file home://cert-filename key-file
home://key-filename command.
NOTE: For security reasons, the private key le is copied to an internal, secure location and removed from the viewable le
system.
Example: Download and install trusted certicate and private key
OS10# copy scp:///tftpuser@10.11.178.103:/tftpboot/certs/Dell_host1_CA1.pem home://Dell_host1_CA1.pem
password:
OS10# copy scp:///tftpuser@10.11.178.103:/tftpboot/certs/Dell_host1_CA1.key home://Dell_host1_CA1.key
password:
OS10# crypto cert install cert-file home://Dell_host1_CA1.pem key-file home://Dell_host1_CA1.key
Processing certificate ...
Certificate and keys were successfully installed as "Dell_host1_CA1.pem" that may be used in a security profile. CN = Dell_host1_CA1
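The offline workflow from the host certificate tip, as an added example that is not part of the original guide: it generates a key and CSR off the switch, has a CA sign the CSR, and confirms the certificate and key are a matching pair before they are copied to the switch. It assumes an OpenSSL 1.1.1 or later command line on the CA server; the host name, subject fields, 2048-bit key length and the throwaway test CA standing in for the real CA are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the guide. Host name, subject and file names are constructed.
umask 077   # key files are created readable only by the current user

# Generate a private key and CSR off the switch.
# $1 = file stem, $2 = common name, $3 = DNS subject alternative name
gen_key_and_csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
        -subj "/C=US/O=Example/CN=$2" -addext "subjectAltName=DNS:$3" 2>/dev/null
}

# Stand-in for the real CA (assumption): a throwaway self-signed CA signs the CSR.
# $1 = file stem, $2 = DNS subject alternative name to place in the certificate
sign_with_test_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
        -days 1 -subj "/CN=Throwaway Test CA" 2>/dev/null &&
    printf 'subjectAltName=DNS:%s\n' "$2" > san.ext &&
    openssl x509 -req -in "$1.csr" -CA ca.pem -CAkey ca.key -CAcreateserial \
        -days 1 -sha256 -extfile san.ext -out "$1.pem" 2>/dev/null
}

# Succeeds only if the certificate's public key is the one derived from the key file.
# $1 = certificate (PEM), $2 = private key (PEM). Returns 2 if either file is unreadable.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

demo() {
    work=$(mktemp -d) && cd "$work" || return 1
    gen_key_and_csr sw1 sw1.example.test sw1.example.test &&
    sign_with_test_ca sw1 sw1.example.test &&
    cert_matches_key sw1.pem sw1.key &&
    echo "sw1.pem and sw1.key in $work are a matching pair, ready to copy to the switch"
}
demo
```

Running the match check on the CA server catches a mismatched certificate and key pair before the files are copied and before crypto cert install is run on the switch.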
Display trusted certicates
OS10# show crypto cert
--------------------------------------
| Installed non-FIPS certificates |
--------------------------------------
Dell_host1_CA1.pem
--------------------------------------
| Installed FIPS certificates |
--------------------------------------
OS10# show crypto cert Dell_host1_CA1.pem
------------ Non FIPS certificate -----------------
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4096 (0x1000)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, ST = California, O = Dell EMC, OU = Networking, CN = Dell_interCA1
Validity
Not Before: Jul 25 19:11:19 2018 GMT
Not After : Jul 22 19:11:19 2028 GMT
Subject: C = US, ST = California, L = Santa Clara, O = Dell EMC, OU = Networking, CN = Dell_host1_CA1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption