Chapter 36
Configuring Certificate Authorities and Digital Certificates
Deleting RSA Key-Pairs from Your Switch
Under certain circumstances you may want to delete your switch's RSA key-pairs. For example, if you
believe the RSA key-pairs were compromised in some way and should no longer be used, you should
delete the key-pairs.
To delete RSA key-pairs from your switch, follow these steps:
        Command                                        Purpose
Step 1  switch# config terminal                        Enters configuration mode.
        switch(config)#
Step 2  switch(config)# crypto key zeroize rsa MyKey   Deletes the RSA key-pair whose label is MyKey.
Step 3  switch(config)# end                            Returns to EXEC mode.
        switch#
Step 4  switch# copy running-config startup-config     Copies the running configuration to the startup
                                                       configuration to ensure the configuration is
                                                       persistent across reboots.

Note    After you delete RSA key-pairs from a switch, ask the CA administrator to revoke your switch's
        certificates at the CA. You must supply the challenge password you created when you originally
        requested the certificates. See the "Generating Certificate Requests" section on page 36-10.

Displaying Key-Pair and CA Information
To view key-pair and CA information, use the following commands in EXEC mode:

Command                                 Purpose
switch# show crypto key mypubkey rsa    Displays information about the switch's RSA public keys.
switch# show crypto ca certificates     Displays information on CA and identity certificates.
switch# show crypto ca crl              Displays information about CA CRLs.
switch# show crypto ca trustpoints      Displays information about CA trust points.

Example Configurations
This section shows an example of the tasks you can use to configure certificates and CRLs on the Cisco
MDS 9000 Family switches using the Microsoft Windows Certificate server.
This section includes the following topics:
• Configuring Certificates on the MDS Switch, page 36-16
• Downloading a CA Certificate, page 36-19
• Requesting an Identity Certificate, page 36-23
• Revoking a Certificate, page 36-29
• Generating and Publishing the CRL, page 36-32

Cisco MDS 9000 Family CLI Configuration Guide
OL-18084-01, Cisco MDS NX-OS Release 4.x