Connectivity Guide
When you install a certicate-key pair, both take the name of the certicate. Enter the certicate-key pair name
without an extension as the certificate-name value. The no form of the command removes the certicate-
key pair from the prole.
Example
OS10# crypto security-profile secure-radius-profile
OS10(config-sec-profile)# certificate Dell_host1
Supported releases 10.4.3.0 or later
cluster security-prole
Creates a security prole for a cluster application.
Syntax
cluster security-profile profile-name
Parameters prole-name — Enter the name of the security prole, up to 32 characters.
Default Not congured
Command mode CONFIGURATION
Usage information When you enable VLT or a fabric automation application, switches that participate in the cluster use secure
channels to communicate with each other. OS10 installs a default X.509v3 certicate-key pair that is used to
establish secure channels between peer devices in a cluster. If untrusted devices access the management or data
ports on the switch, you should replace the default certicate-key pair with a custom X.509v3 certicate-key pair
using the cluster security-profile command. A security prole associates a certicate and private key
pair using the certificate command. The no form of the command deletes the cluster security prole.
Example
OS10(config)# cluster security-profile secure-cluster
OS10(config)#
Supported releases 10.4.3.0 or later
crypto ca-cert delete
Deletes a CA certicate.
Syntax
crypto ca-cert delete {ca-cert-filepath | all}
Parameters
• ca-cert-filepath — Enter the local path where the downloaded CA certicate is stored; for example,
home://CAcert.pem or usb://CA-cert.pem.
• all — Delete all CA certicates.
Default Not congured
Command mode EXEC
Usage information To display the currently installed CA certicates, use the show crypto ca-certs command.
Example
OS10# crypto ca-cert delete Amazon_Root_CA.crt
Successfully removed certificate
OS10# crypto ca-cert delete all
Proceed to delete all installed CA certificates? [confirm yes/no(default)]:yes
Supported releases 10.4.3.0 or later
Security 839