API Guide

Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:22:3F:BE:99:B7:FA:A1:5B:1D:68:0B:E9:5E:21:7D:83:62:AC:DB
X509v3 Authority Key Identifier:
keyid:75:22:3F:BE:99:B7:FA:A1:5B:1D:68:0B:E9:5E:21:7D:83:62:AC:DB
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
Delete CA server certificate
OS10# crypto ca-cert delete Dell_rootCA1.crt
Successfully removed certificate
Certificate revocation
Before the switch and an external device, such as a RADIUS or TLS server, set up a secure connection, they present CA-signed
certificates to each other. Certificate validation allows each peer to authenticate the other's identity, and is followed by a
check that the certificate has not been revoked by the issuing CA.
A certificate includes the URL and other information about the certificate distribution point (CDP) that issued the certificate.
Using the URL, OS10 accesses the CDP to download a certificate revocation list (CRL). If the external device's certificate is on
the list or if the CDP server does not respond, the connection is not set up.
A certificate revocation list contains a list of all revoked certificates. The CA that issued the certificates maintains the CRL. CAs
publish a new CRL at periodic intervals. An OS10 switch automatically downloads the new CRL and uses it to verify certificates
presented by connecting devices.
When a CA issues a certificate, it usually includes the CRL distribution point in the certificate. OS10 uses the CDP URL to
access the server with the current CRL. OS10 supports using multiple CDPs and CRLs during a revocation check. If a CRL
check validates a certificate from an external device, OS10 sets up a secure connection to perform the tasks initiated by the
application.
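The three outcomes described above (certificate not on the CRL, certificate on the CRL, no CRL obtainable) can be reproduced offline with openssl. This is an added example, not from the OS10 guide and not OS10's own implementation: the CA, peer name, serial number, CDP URL and file names are constructed, and a local CRL file stands in for the CDP download, with an empty file name modelling a CDP that does not respond.

```shell
#!/bin/sh
# Constructed demo PKI: every name, serial number and URL here is made up.
set -eu

make_demo_pki() {   # $1 = empty working directory
  cd "$1"
  cat > demo.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,digitalSignature,keyCertSign,cRLSign
[v3_peer]
crlDistributionPoints = URI:http://cdp.example.invalid/demo.crl
[ca]
default_ca = demo_ca
[demo_ca]
database = index.txt
default_md = sha256
default_crl_days = 7
EOF
  : > index.txt
  openssl req -x509 -config demo.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
    -subj "/CN=Demo Root CA" -days 30 -keyout ca.key -out ca.crt 2>/dev/null
  openssl req -new -config demo.cnf -newkey rsa:2048 -nodes \
    -subj "/CN=radius.example.invalid" -keyout peer.key -out peer.csr 2>/dev/null
  openssl x509 -req -in peer.csr -CA ca.crt -CAkey ca.key -set_serial 0x1001 \
    -days 30 -extfile demo.cnf -extensions v3_peer -out peer.crt 2>/dev/null
  ca="openssl ca -config demo.cnf -keyfile ca.key -cert ca.crt"
  $ca -gencrl -out good.crl 2>/dev/null      # CRL published before the revocation
  $ca -revoke peer.crt 2>/dev/null           # the CA revokes the peer certificate
  $ca -gencrl -out revoked.crl 2>/dev/null   # the next periodic CRL lists it
}

# Exit 0 (accept) only when the chain verifies, a CRL is available, and the
# certificate is not on it. An empty $2 stands in for a CDP that did not respond.
check_peer() {      # $1 = peer certificate, $2 = CRL file or ""
  crl_opt=""
  [ -n "${2:-}" ] && crl_opt="-CRLfile $2"
  openssl verify -crl_check -CAfile ca.crt $crl_opt "$1" 2>&1 | grep -q ': OK$'
}

make_demo_pki "$(mktemp -d)"
for crl in good.crl revoked.crl ""; do
  if check_peer peer.crt "$crl"; then r=accept; else r=reject; fi
  echo "CRL file '${crl}': $r"
done
```

Only the first case is accepted. With no CRL, openssl reports that it is unable to get the certificate CRL and verification fails, which is the same fail-closed result the text describes for an unresponsive CDP.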
Like CA certificates, CRLs are maintained in the trust store on the switch and applied to all PKI-enabled applications. To use
CRLs to validate certificates presented by external devices: