Connectivity Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4048-ON

841

842

843

844

845

846

847

848

849

850

Command mode EXEC

Usage information Before using the crypto cert install command, copy a CA-signed certicate to the home directory on the

switch using a secure connection, such as HTTPS, SCP, or SFTP, and (optionally) the private key. To delete a

trusted certicate, use the crypto cert delete command.

A successful installation of a trusted certicate requires that:

• The downloaded certicate is correctly formatted.

• The downloaded certicate’s public key corresponds to the private key.

You can assign an installed certicate-key pair to a security prole by entering the le name of the certicate

without an extension.

It is possible to store a certicate in either FIPS mode or non-FIPS mode on the switch, but not in both modes,

using the crypto cert install command and the optional fips option. You must ensure that certicates

installed in FIPS mode are compliant with the FIPS 140-2 standard.

Example

OS10# crypto cert install cert-file home://Dell_host1_CA1.pem key-file home://

Dell_host1_CA1.key

Processing certificate ...

Certificate and keys were successfully installed as "Dell_host1_CA1.pem" that

may be used in a security profile. CN = Dell_host1_CA1.

Supported releases 10.4.3.0 or later

crypto security-prole

Creates an application-specic security prole.

Syntax

crypto security-profile profile-name

Parameters prole-name — Enter the name of the security prole, up to 32 characters.

Default Not congured

Command mode CONFIGURATION

Usage information Create a security prole for a specic application on the switch, such as RADIUS over TLS. A security prole

associates a certicate and private key pair using the certificate command. The no form of the command

deletes the security prole.

Example

OS10# crypto security-profile secure-radius-profile

OS10(config-sec-profile)#

Supported releases 10.4.3.0 or later

show crypto ca-certs

Displays all CA certicates installed on the switch.

Syntax

show crypto ca-certs [filename]

Parameters filename — (Optional) Enter the text lename of a CA certicate as shown in the show crypto ca-certs

output. Enter the lename in the format filename.crt.

Default Display all installed CA certicates.

Command mode EXEC

Security 843