This command configures the switch's private key, the switch's public certificate, and the Certificate Authority (CA) certificate(s) that were used to issue the controller's certificate. All three of these credentials are required to establish a secure TLS connection.
privkey | Private key used to certify that the switch's certificate is trustworthy. Entered interactively in PEM format. |
<cr> | Carriage return. Press Enter to enter PEM data and passphrase (if necessary) interactively. |
no-confirm | Enter PEM data interactively, and then accept privkey without prompting for confirmation. |
certificate pki-cert-list | Designates the certificate for the switch's identity to be used for outgoing TLS connections. The certificates of the CA that was used to sign this certificate must be trusted by the TLS peer (that is, the controller). If you provide a list in pki-cert-list, only the first certificate is used. |
ca-cert pki-cert-list | Designates the list of CA certificates that the switch should use to verify certificates presented to it by TLS peers. (This may be the same certificate list that TLS peers use to verify the certificate specified by 'certificate', or it may be a different one, depending on the PKI design in use.) The list in pki-cert-list must contain at least one certificate. |
N/A
All command modes.
This example sets the switch's private key without confirmation, and then the switch's certificate and controller CA certificate.
set tls privkey no-confirm
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA1gb8R98qJXslizg+ftckwQYtLFrEx1lLD6eIoicMteig3Sbx
ordFU8mXnAmbTeFd97JpqiEd7y9jQmz4qrdgo6A+Dh5MY9Cdu1tUGwaUzI3vkkcb
....
L03KpfhujdkR9iS7rWmHovZJIlNKs9egCx6fNVb22GcPPsMjU+4+1VfY/MivDg==
-----END RSA PRIVATE KEY-----
quit
set tls certificate sc-cert
set tls ca-cert ca-cert
The switch's actual certificate (“sc-cert”) and the controller's CA certificate chain (“ca-cert”) must be configured using set pki certificate.
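Because the private key is pasted interactively as PEM, a truncated or elided paste is easy to miss, especially with no-confirm. The following pre-flight check is an added example, not part of the original documentation or the switch software: it inspects PEM text offline before it is entered, reporting whether a passphrase will be needed and whether the body is complete. The function names and the sample data are assumptions made for illustration.

```python
import base64
import binascii
import re
import textwrap

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def der_complete(der):
    """True if der is exactly one ASN.1 SEQUENCE: no missing or trailing bytes."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def inspect_pem(text):
    """Return one dict per PEM block: label, encrypted flag, list of problems."""
    out = []
    for label, body in PEM_RE.findall(text):
        lines = [l.strip() for l in body.splitlines() if l.strip()]
        legacy_enc = any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines)
        b64 = "".join(l for l in lines if ":" not in l)   # drop RFC 1421 headers
        problems = []
        try:
            der = base64.b64decode(b64, validate=True)
            # Legacy-encrypted bodies are ciphertext, so only plain DER is length-checked.
            if not legacy_enc and not der_complete(der):
                problems.append("DER length mismatch: paste is truncated or padded")
        except binascii.Error:
            problems.append("invalid base64: elided or corrupted paste")
        out.append({"label": label, "problems": problems,
                    "encrypted": legacy_enc or label == "ENCRYPTED PRIVATE KEY"})
    return out

def make_pem(label, der, headers=""):
    """Wrap bytes as PEM (used only to build the constructed samples below)."""
    b64 = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return f"-----BEGIN {label}-----\n{headers}{b64}\n-----END {label}-----\n"

# Constructed samples: a structurally complete SEQUENCE of zero bytes, not a real key.
FAKE_DER = b"\x30\x82\x01\x00" + bytes(256)
GOOD = make_pem("RSA PRIVATE KEY", FAKE_DER)
TRUNCATED = make_pem("RSA PRIVATE KEY", FAKE_DER[:-48])      # last line lost in the paste
ELIDED = GOOD.replace(GOOD.splitlines()[2], "....", 1)       # "...." left in, as in a doc excerpt
ENCRYPTED = make_pem("RSA PRIVATE KEY", bytes(64), "Proc-Type: 4,ENCRYPTED\n\n")
```

Call inspect_pem on the contents of the key file before pasting; an empty problems list with encrypted set to True means the switch will ask for the passphrase.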