Connectivity Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4048-ON

841

842

843

844

845

846

847

848

849

850

If you do not specify the cert-file option, you are prompted to ll in the other parameter values for the

certicate interactively; for example:

You are about to be asked to enter information that will be incorporated into

your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank.

For some fields there will be a default value; if you enter '.', the field

will be left blank.

Country Name (2 letter code) [US]:

State or Province Name (full name) [Some-State]:California

Locality Name (eg, city) []:San Francisco

Organization Name (eg, company) []:Starfleet Command

Organizational Unit Name (eg, section) []:NCC-1701A

Common Name (eg, YOUR name) [hostname]:S4148-001

Email Address []:scotty@starfleet.com

If the system is in FIPS mode (crypto fips enable command), the CSR and private key are generated using

approved algorithms from a cryptographic library that has been validated against the FIPS 140-2 standard. You can

install the FIPS-compliant certicate-key pair using the crypto cert install command with the fips

option.

Examples

OS10# crypto cert generate request cert-file home://cert1.pem key-file home://

cee OS10-VM email admin@dell.com length 1024 altname DNS.dell.com

Processing certificate ...

Successfully created CSR file /home/admin/cert1.pem and key

OS10# crypto cert generate self-signed cert-file home://cert2.pem key-file

home:e OS10-VM email admin@dell.com length 1024 altname.dell.com validity 365

Processing certificate ...

Successfully created certificate file /home/admin/cert2.pem and key

Supported releases 10.4.3.0 or later

crypto cert install

Installs a host certicate and private key on the switch. A host certicate may be trusted from a CA or self-signed.

Syntax

crypto cert install cert-file cert-path key-file {key-path | private} [password

passphrase] [fips]

Parameters

• cert-file cert-path — Enter the local path to where the downloaded certicate is stored. You can

enter a full path or a relative path; for example, home://s4048-001-cert.pem or usb://s4048-001-

cert.pem

or flash://certs/s4810-001-request.crt.

• key-file {key-path | private} — Enter the local path to retrieve the downloaded or locally

generated private key. Specify a key-path to install the key from a local directory. Enter private to install the

key from a local hidden location. After the certicate is successfully installed, the private key is deleted from the

specied key-path location and copied to the hidden location.

• password passphrase — (Optional) Enter the password used to decrypt the private key if it was

generated using a password.

• fips — (Optional) Install the certicate-key pair as FIPS-compliant. Enter fips to install a certicate-key

pair that a FIPS-aware application, such as RADIUS over TLS, uses. If you do not enter fips, the certicate-

key pair is stored as a non-FIPS compliant pair.

Default Not congured

842 Security