Administrator Guide

The certificate matching the current FIPS state is deleted. If the system is in FIPS mode, the FIPS certificate is
deleted. If the system is in non-FIPS mode, the non-FIPS certificate is deleted.
Before deleting the system’s trusted certificate, the system prompts you to specify whether to proceed with
deletion. If you proceed, the system deletes the certificate and also the private key.
Related Commands
crypto ca-cert install
crypto cert generate
crypto cert generate
Generates a Certificate Signing Request (CSR) or a self-signed certificate.
Syntax
crypto cert generate {self-signed | request} [cert-file cert-path key-file
{private | key-path}] [country 2-letter code] [state state] [locality city]
[organization organization-name] [orgunit unit-name] [cname common-name] [email
email-address] [validity days] [length length] [altname alt-name]
Parameters
self-signed Enter the keyword self-signed to create a self-signed certificate.
request Enter the keyword request to create a certificate signing request.
cert-file Enter the keyword cert-file to specify that the certificate needs to be created.
NOTE: If the cert-file option is not specified in the command, then the
system interactively prompts you to fill in the rest of the fields of the certificate
signing request (CSR).
cert-path
Enter the path to locally store the self-signed certificate or CSR. The path can be a full
path or a relative path. If the system accepts this path, a notification is sent indicating the
location where the CSR file is stored. You can then export the CSR to a CA using the
“copy” command. Following is an example of a path that you can specify:
flash://certs/s4810-001-request.csr.
key-file Enter the keyword key-file to specify the private key.
private Enter the keyword private to specify that the key is stored in a hidden location in the
NVRAM. Only one private key can exist in a hidden location at any given point in time.
key-path
Enter the absolute or relative location on the device where the key is stored.
country 2-letter-code
(OPTIONAL) Enter the keyword country followed by the two-letter code that is used to
identify the country name.
state state
(OPTIONAL) Enter the keyword state followed by the name of the state.
locality city
(OPTIONAL) Enter the keyword locality followed by the name of the city.
organization organization-name
(OPTIONAL) Enter the keyword organization followed by the name of the
organization.
orgunit unit-name
(OPTIONAL) Enter the keyword orgunit followed by the name of the unit.
cname common-name
Enter the keyword cname followed by the common name that you want to assign.
NOTE: Common Name is an important attribute while creating a CSR or a
self-signed certificate. Common name is the main identity presented to
connecting entities. By default, the device’s host name acts as the common
name. However, you can still configure a different common name for the
device. For example, you can specify an IP address to act as a Common
Name for the device. If the Common Name does not match the device’s
presented identity, then even a properly signed certificate does not validate
correctly.
email email-address
(OPTIONAL) Enter the keyword email followed by a valid email address used for
communication with the organization.
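
The Common Name note above, as an added example (not part of this guide or the vendor's software): a Python pre-check of whether the names chosen for cname and altname cover the identity that clients use to reach the device. The host name s4810-001.example.net, the address 192.0.2.10, and the bare-name form of the altname values are assumptions.

```python
import ipaddress

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    # Case-insensitive, trailing dot ignored; "*" only as the whole left-most label.
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def identity_matches(presented, cname, altnames=()):
    """True if a client that connects to `presented` would accept these names.

    Simplified model of common client behaviour (an assumption, not the
    device's logic): altname entries, when present, replace cname; IPs are
    compared as addresses, never as text. Some clients ignore cname entirely.
    """
    names = list(altnames) if altnames else [cname]
    if _is_ip(presented):
        target = ipaddress.ip_address(presented)
        return any(_is_ip(n) and ipaddress.ip_address(n) == target for n in names)
    return any(not _is_ip(n) and _dns_match(n, presented) for n in names)

if __name__ == "__main__":
    # Constructed sample values: host name and documentation-range IP.
    host, mgmt_ip = "s4810-001.example.net", "192.0.2.10"
    for presented, cname, alt in [
        (host, host, ()),                  # reached by name, CN is the name
        (mgmt_ip, host, ()),               # reached by IP, CN is the name
        (mgmt_ip, mgmt_ip, ()),            # IP used as the common name
        (mgmt_ip, host, (host, mgmt_ip)),  # both identities listed in altname
    ]:
        ok = identity_matches(presented, cname, alt)
        print(f"{presented:24} cname={cname:24} altname={alt!r}: "
              f"{'match' if ok else 'MISMATCH'}")
```

Run the check against every name or address that management stations and peers actually use for the device before submitting the CSR to a CA.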