Connectivity Guide
| Installed FIPS certificates |
--------------------------------------
OS10# show crypto cert DellHost.pem
------------ Non FIPS certificate -----------------
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 245 (0xf5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: emailAddress = admin@dell.com
Validity
Not Before: Feb 11 20:10:12 2019 GMT
Not After : Feb 11 20:10:12 2020 GMT
Subject: emailAddress = admin@dell.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:c7:12:ca:a8:d6:d2:1c:ab:66:9a:d1:db:50:5a:
b5:8a:e4:53:9d:f6:b4:fc:cd:f4:b9:46:8a:03:86:
be:0b:50:51:c7:25:76:9f:ff:b4:f9:f8:d9:6f:5d:
53:52:0c:4d:05:ed:31:23:79:44:5c:d7:62:01:9d:
41:e8:ff:3a:b0:35:0c:22:d7:ef:df:05:9a:28:6b:
95:10:8e:bc:c6:62:3a:82:30:0f:4f:4e:19:17:48:
f1:bd:1e:0c:4f:54:03:42:f3:a7:de:22:40:3d:5e:
6b:b2:8e:23:17:53:ef:10:d9:ae:1d:1f:d6:e4:ae:
25:9f:d9:39:60:5c:49:b0:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09
X509v3 Subject Alternative Name:
DNS:dell.domain.com
Signature Algorithm: sha256WithRSAEncryption
b8:83:ae:34:bb:84:e6:b4:a3:fd:77:20:67:15:3f:02:76:ca:
f6:74:d4:d2:36:0e:58:8c:96:13:c2:85:8a:df:ba:c0:d9:c8:
Security proles
To use independent sets of security credentials for dierent OS10 applications, you can congure multiple security proles and assign them
to OS10 applications. A security prole consists of a certicate and private key pair.
For example, you can maintain dierent security proles for RADIUS over TLS authentication and SmartFabric services. Using dierent
security proles allows you to upgrade one application without interrupting the operation of the other one. Assign a security prole to an
application when you congure the prole.
When you install a certicate-key pair, both take the name of the certicate. For example, if you install a certicate using:
OS10# crypto cert install cert-file home://Dell_host1.pem key-file home://abcd.key
The certicate-key pair is installed as Dell_host1.pem and Dell_host1.key. In conguration commands, refer to the pair as
Dell_host1. When you congure a security prole, you would enter Dell_host1 in the certificate certificate-name
command.
Congure security prole
1 Create an application-specic security prole in CONFIGURATION mode.
crypto security-profile profile-name
2 Assign a certicate and private key pair to the security prole in SECURITY-PROFILE mode. For certificate-name, enter the
name of the certicate-key pair as it appears in the show crypto certs output without the .pem extension.
certificate certificate-name
exit
836
Security