Connectivity Guide
Command mode EXEC
Usage information Before using the crypto cert install command, copy a CA-signed certicate to the home directory on the
switch using a secure connection, such as HTTPS, SCP, or SFTP, and (optionally) the private key. To delete a
trusted certicate, use the crypto cert delete command.
A successful installation of a trusted certicate requires that:
• The downloaded certicate is correctly formatted.
• The downloaded certicate’s public key corresponds to the private key.
You can assign an installed certicate-key pair to a security prole by entering the le name of the certicate
without an extension.
It is possible to store a certicate in either FIPS mode or non-FIPS mode on the switch, but not in both modes,
using the crypto cert install command and the optional fips option. You must ensure that certicates
installed in FIPS mode are compliant with the FIPS 140-2 standard.
Example
OS10# crypto cert install cert-file home://Dell_host1_CA1.pem key-file home://
Dell_host1_CA1.key
Processing certificate ...
Certificate and keys were successfully installed as "Dell_host1_CA1.pem" that
may be used in a security profile. CN = Dell_host1_CA1.
Supported releases 10.4.3.0 or later
crypto security-prole
Creates an application-specic security prole.
Syntax
crypto security-profile profile-name
Parameters prole-name — Enter the name of the security prole, up to 32 characters.
Default Not congured
Command mode CONFIGURATION
Usage information Create a security prole for a specic application on the switch, such as RADIUS over TLS. A security prole
associates a certicate and private key pair using the certificate command. The no form of the command
deletes the security prole.
Example
OS10# crypto security-profile secure-radius-profile
OS10(config-sec-profile)#
Supported releases 10.4.3.0 or later
show crypto ca-certs
Displays all CA certicates installed on the switch.
Syntax
show crypto ca-certs [filename]
Parameters filename — (Optional) Enter the text lename of a CA certicate as shown in the show crypto ca-certs
output. Enter the lename in the format filename.crt.
Default Display all installed CA certicates.
Command mode EXEC
Security 843