Connectivity Guide
3 OS10 switches generate private keys and create CSRs using the crypto cert generate request command. A switch uploads
a CSR to an intermediate CA. To store the private key in a local hidden location, Dell EMC Networking recommends using the
key-file private parameter with the command.
4 Download and install a CA certificate on a host using the crypto ca-cert install command. After you install a CA certificate,
a host trusts any certificates that are signed by the CA and presented by other network devices. You must first download a certificate
to the home directory, and then install the certificate using the crypto ca-cert install command.
5 Download and install a signed host certificate and private key from an intermediate CA on an OS10 switch. Then install them using the
crypto cert install command. After you install the host certificate, OS10 applications use the certificate to secure
communication with network devices. The private key is installed in the internal file system on the switch and cannot be exported or
viewed.
Manage CA certificates
OS10 supports the download and installation of public X.509v3 certificates from external certificate authorities.
In a data center environment, trusted CA servers can create CA certificates. A host operates as a trusted CA server. Network hosts install
certificates that are digitally signed with the CA's private key to establish trust between participating devices in the network. The certificate
on an OS10 switch is used to verify the certificates presented by clients and servers, such as Syslog and RADIUS servers, to establish a
secure connection with these devices.
To import a CA server certificate:
1 Use the copy command to download an X.509v3 certificate created by a CA server using a secure method, such as HTTPS, SCP, or
SFTP. Copy a CA certificate to the local directory on the switch, such as home:// or usb://.
2 Use the crypto ca-cert install command to install the certificate. When you install a CA certificate, specify the local path
where the certificate is stored.
The switch verifies the certificate and installs it in an existing directory of trusted certificates in PEM format.
Install CA certificate
• Install a CA certificate in EXEC mode.
crypto ca-cert install ca-cert-filepath [filename]
– ca-cert-filepath specifies the local path to the downloaded certificate; for example, home://CAcert.pem or usb://CA-cert.pem.
– filename specifies an optional filename that the certificate is stored under in the OS10 trust-store directory. Enter the filename in
the filename.crt format.
Example: Download and install CA certificate
OS10# copy scp:///tftpuser@10.11.178.103:/tftpboot/certs/Dell_rootCA1.pem home://Dell_rootCA1.pem
password:
OS10# crypto ca-cert install home://Dell_rootCA1.pem
Processing certificate ...
Installed Root CA certificate
CommonName = Dell_rootCA1
IssuerName = Dell_rootCA1
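Installing a CA certificate makes the switch trust everything that CA signs, so it is worth checking the downloaded file on the admin workstation before it is copied to the switch. The following is an added example, not part of the Dell EMC guide or OS10: it refuses a file that holds private key material or more than one certificate, compares the SHA-256 fingerprint with a value obtained out of band from the CA operator, and checks the optional trust-store name against the filename.crt format. The function names, the sample bytes and the characters allowed in the filename are assumptions; the X.509 verification itself is still done by the switch.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def make_pem(label, der):
    """Wrap raw bytes in PEM armor (used here only to build the sample input)."""
    body = base64.encodebytes(der).decode("ascii")
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"

def pem_blocks(text):
    """Return [(label, decoded_bytes)] for every PEM block in the file."""
    return [(label, base64.b64decode("".join(body.split()), validate=True))
            for label, body in PEM_BLOCK.findall(text)]

def check_ca_pem(text, pinned_sha256, store_name=None):
    """Return the SHA-256 fingerprint, or raise ValueError if the file should not be installed."""
    blocks = pem_blocks(text)
    labels = [label for label, _ in blocks]
    if any("PRIVATE KEY" in label for label in labels):
        raise ValueError("file contains private key material")
    if labels != ["CERTIFICATE"]:
        raise ValueError(f"expected exactly one CERTIFICATE block, found {labels}")
    actual = hashlib.sha256(blocks[0][1]).hexdigest()
    # Accept both 'ab12...' and 'AB:12:...' spellings of the pinned value.
    pinned = re.sub(r"[:\s]", "", pinned_sha256).lower()
    if actual != pinned:
        raise ValueError(f"fingerprint mismatch: file has {actual}")
    # Assumption: the guide only says 'filename.crt'; the allowed characters are a guess.
    if store_name is not None and not re.fullmatch(r"[A-Za-z0-9_.-]+\.crt", store_name):
        raise ValueError("trust-store filename must use the filename.crt format")
    return actual

# Constructed sample input: stand-in bytes, not a real X.509 certificate.
SAMPLE_DER = b"constructed stand-in for the DER bytes of Dell_rootCA1.pem"
SAMPLE_PEM = make_pem("CERTIFICATE", SAMPLE_DER)
# In practice the pinned value comes from the CA operator, not from the downloaded file.
PINNED = hashlib.sha256(SAMPLE_DER).hexdigest()

if __name__ == "__main__":
    print("OK to install, SHA-256 =", check_ca_pem(SAMPLE_PEM, PINNED, "Dell_rootCA1.crt"))
```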
Display CA server certificate
OS10# show crypto ca-certs
--------------------------------------
| Locally installed certificates |
--------------------------------------
Dell_rootCA1.crt
OS10# show crypto ca-certs Dell_rootCA1.crt
Certificate:
Data: