Connectivity Guide

crypto cert generate
Creates a certicate signing request (CSR) or a self-signed certicate.
Syntax
crypto cert generate {request | self-signed} [cert-file cert-path key-file
{private | keypath}] [country 2-letter code] [state state] [locality city]
[organization organization-name] [orgunit unit-name] [cname common-name] [email
email-address] [validity days] [length length] [altname alt-name]
Parameters
request — Create a certificate signing request to copy to a CA.
self-signed — Create a self-signed certificate.
cert-file cert-path — (Optional) Enter the local path where the self-signed certificate or CSR will be stored. You can enter a full path or a relative path; for example, flash://certs/s4810-001-request.csr or usb://s4810-001.crt. If you do not enter the cert-file option, the system interactively prompts you to fill in the remaining fields of the certificate signing request. Export the CSR to a CA using the copy command.
key-file {key-path | private} — Enter the local path where the downloaded or locally generated
private key will be stored. If the key was downloaded to a remote server, enter the server path using a secure
method, such as HTTPS, SCP, or SFTP. Enter private to store the key in a local hidden location.
country 2-letter-code — (Optional) Enter the two-letter code that identifies the country.
state state — Enter the name of the state.
locality city — Enter the name of the city.
organization organization-name — Enter the name of the organization.
orgunit unit-name — Enter the name of the unit.
cname common-name — Enter the common name assigned to the certificate. The common name is the main identity presented to connecting devices. By default, the switch’s host name is the common name. You can configure a different common name for the switch; for example, an IP address. If the common-name value does not match the device’s presented identity, a signed certificate does not validate.
email email-address — Enter a valid email address used to communicate with the organization.
validity days — Enter the number of days for which the certificate is valid. For a CSR, validity has no effect. For a self-signed certificate, the default is 3650 days or 10 years.
length bit-length — Enter a bit value for the keyword length. For FIPS mode, the range is from 2048 to
4096; for non-FIPS mode, the range is from 1024 to 4096. The default key length for both FIPS and non-FIPS
mode is 2048 bits. The minimum key length value for FIPS mode is 2048 bits. The minimum key length value
for non-FIPS mode is 1024 bits.
altname altname — Enter an alternate name for the organization; for example, using the IP address such as altname IP:192.168.1.100.
Default
Not congured
Command mode EXEC
Usage information
Generate a CSR when you want a CA to sign a host certificate. Generate a self-signed certificate if you do not set up a CA and implement a certificate trust model in your network.
If you enter the cert-file option, you must enter all the following required parameters, including the local path where the certificate and private key are stored.