Connectivity Guide
70:18:7e:76:66:ca:13:1c:e3:9c:4d:aa:d3:67:96:be:d9:49:
5c:69:10:75:26:53:f7:50:39:06:15:d1:3a:87:47:f6:92:a2:
d4:91:35:29:b7:4b:ea:56:4c:13:5e:32:7f:c7:3f:4c:46:67:
54:8d:67:60:38:98:75:da:24:f2:64:b9:24:a1:e3:5b:42:66:
4c:c7:cb:ee:c3:ca:bd:87:1b:7a:fc:35:53:2d:74:68:db:a7:
47:db:03:a3:30:52:af:67:7f:54:a4:de:60:ca:ae:94:43:f8:
98:85:fc:18:9b:b1:db:81:44:57:0b:be:6a:56:9d:2f:7d:75:
c2:22:a4:7c:d7:ee:f8:de:10:11:26:60:35:1c:4c:87:2e:a2:
fb:1f:5f:30:6c:11:c1:fa:f2:5b:46:02:0a:18:2f:02:a4:99:
f2:43:29:cf:e6:5b:8a:d0:ec:42:bf:49:c6:8a:7e:b4:53:38:
03:1b:fd:a9:49:88:b5:f1:42:93:c7:78:38:6c:2a:1c:be:83:
97:27:b1:26:eb:16:44:ce:34:02:53:45:08:30:c9:3a:76:83:
10:f3:af:c7:6f:0c:74:ec:81:ea:d9:c4:20:a5:1d:72:64:52:
7b:e8:30:1a:9e:3a:05:9c:8a:69:e5:b7:43:b3:36:08:f2:e0:
fb:88:d9:c1:b6:f4:4a:23:27:31:3a:51:b3:68:c9:6f:3e:f5:
dd:98:4d:07:38:ed:f4:d3:ed:06:4c:84:87:3d:cf:f3:2e:e5:
1a:b6:00:71:4c:51:35:c8:95:e4:c6:7e:82:47:d3:25:64:a4:
0b:31:53:d0:e4:6b:97:98:21:4b:fc:e7:12:be:69:01:d8:b5:
74:f5:b6:39:22:8a:8c:39:23:0f:be:4b:0f:9a:01:ac:b8:5b:
12:cb:94:06:30:f5:74:45:20:af:ab:d6:af:21:0c:d8:62:84:
18:c2:cf:4f:be:73:c9:33
Delete CA server certicate
OS10# crypto ca-cert delete Dell_rootCA1.crt
Successfully removed certificate
Request and install host certicates
OS10 also supports the switch obtaining its own X.509v3 host certicate. In this procedure, you generate a certicate signing request
(CSR) and a private key. Store the private key locally in a secure location. Copy the CSR le to a certicate authority. The CA generates a
host certicate for an OS10 switch by digitally signing the switch certicate contained in the CSR.
The administrator then copies the CA-signed host certicate to the home directory on the switch. Because a local private key is created
when the CSR is generated, it is not necessary to install a private key using an uploaded le.
The switch presents its own host certicate to clients that require authentication, such as Syslog and RADIUS servers over TLS and
HTTPS connections. The certicate is digitally signed with the private key of the OS10 switch. OS10 supports multiple host certicates so
that you can use dierent certicates with dierent applications. For more information, see Security proles.
To obtain a host certicate from a CA:
1 Create a private key and generate a certicate signing request for the switch.
2 Copy the CSR le to a CA server.
3 Copy the CA-signed certicate to the home directory on the switch. Install the trusted certicate.
Generate a certicate signing request and private key
• Create a private key and a CSR in EXEC mode. Store the CSR le in the home directory or flash: so that you can later copy it to a
CA server. Specify a
keypath to store the device.key le in a secure persistent location, such as the home directory, or use the
private option to store the key le in a private hidden location in the internal le system that is not visible to users.
crypto cert generate request [cert-file cert-path key-file {private | keypath}]
[country 2-letter code] [state state] [locality city] [organization organization-name]
[orgunit unit-name] [cname common-name] [email email-address] [validity days]
[length length] [altname alt-name]
If you enter the cert-file option, you must enter all the following required parameters, such as the local paths where the certicate
and private key are stored, country code, state, locality, and other values.
Security
831