HP (Hewlett-Packard) 2800 Series Switch User Manual


 
7-10
Configuring Secure Socket Layer (SSL)
Configuring the Switch for SSL Operation
To Generate or Erase the Switch’s Server Certificate with the CLI
Because the host certificate is stored in flash instead of the running-config
file, it is not necessary to use write memory to save the certificate. Erasing the
host certificate automatically disables SSL.
CLI commands used to generate a Server Host Certificate.
To generate a host certificate from the CLI:
i. Generate a certificate key pair. This is done with the crypto key
generate cert command. The default key size is 512.
Note: If a certificate key pair is already present in the switch, it is not necessary to
generate a new key pair when generating a new certificate. The existing key
pair may be re-used, and the crypto key generate cert command does not have
to be executed.
ii. Generate a new self-signed host certificate. This is done with the
crypto host-cert generate self-signed [ Arg-List ] command.
Note: When generating a self-signed host certificate on the CLI, this command
fails if no certificate key has been generated.
Syntax: crypto key generate cert [rsa] < 512 | 768 | 1024 >
    Generates a key pair for use in the certificate.
crypto key zeroize cert
    Erases the switch’s certificate key and disables SSL operation.
crypto host-cert generate self-signed [arg-list]
    Generates a self-signed host certificate for the switch. If a
    switch certificate already exists, replaces it with a new
    certificate. (See the Note on page 7-9.)
crypto host-cert zeroize
    Erases the switch’s host certificate and disables SSL operation.