Generate the Key Pair

About this task

Use the following procedure to generate the private and public key pair for the specified cryptography type. By default, the switch generates a 2,048-bit RSA key when the system starts. You can use this procedure to generate a new RSA key or to generate multiple RSA keys, each identified by a key-name. You can generate up to 10 RSA keys.

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Generate the key pair:

    certificate generate-keypair {[type rsa size 2048] | [key-name WORD<1-45>]}

Example

Generating the key pair identified by a key-name:

Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#certificate generate-keypair key-name pki_key
Switch:1(config)#1 2021-06-22T11:33:53.036Z VSP-4900-24XE CP1 - 0x003a864c - 00000000 GlobalRouter DIGITALCERT INFO Digicert Key-pair generation is in progress
Switch:1(config):#1 2021-06-22T11:33:53.052Z VSP-4900-24XE CP1 - 0x003a8604 - 00000000 GlobalRouter DIGITALCERT INFO Generation of RSA key-pair for digital certificate is successful
1 2021-06-22T11:33:58.711Z Switch CP1 - 0x003a864d - 00000000 GlobalRouter DIGITALCERT INFO Digicert Key-pair generation completed successfully for key-name: pki_key

Display the configured key pairs:

Switch:1>show certificate key-name
Key Name: pki_key
Public Key Value: 00000000000000010000000102000000000301000100000100bdb1cf8382d66a2d2d0d24b4477908641c16423c089d9131781a3ada005e
52074e1ff3561e29598f93c53dcb06e4d235335573419bb938b6ccf93d3e6767d0932e129ea2f556276efce2be825df1f9dc661d3cafee7125f4f7126f5ba7e8
d9029623398b7d3fb00063ea0e4bedd56e276c52a6371b289de3ee4198ff2397b512b516604eac4e5f0f4a0621d7ac42541491d368f21e17a440aa6130a825a2
a7ca6ab1d7a7868f93e4d0d83c7e4973cf204b4f5f654abbaa9aa6199247976488b0957e65b656a6d21a2a4ac4d322a36c786d8a8deec763b6aec0d05b0f6bfe
87602caecb2cc71e2e4f9f4f8c4d4d4e9b25adf9c02eb44b763542f0449a326d0f3b

Key Name: rsa_2048
Public Key Value: 00000000000000010000000102000000000301000100000100c150b1851644aaaef08060f3b3a7a0618758b84184867ffd80b3e02ec306
76171fe36e99f5450656fc6e6db672b6239f760c97c3e49639cea5d503c0e478bf7a4d213d5698d09d63622ccb279addbaa34135c81d70660489b55b6babca59
4f17d8ed250cf917325df0f73a10896157e6e3a24a584bc713b2e6493d059c8efd53bbbf5db0aa95b43c1668ba1053d0fe0e5c44dc889bd35bf11730e5827cb2
068048ab97e9f0757514f47332337376eed83a7cb95a53462639f5a47f026b0172cfa3ddffee7269e737a32d8f2e5590a9ee07d3f329af4e4f2a73ed9de59991
6bc25e6ac51e482cbbb71f736ec0e396fc314e5eed3c438efff68d1a31bdbed24d55
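
The following Python script is an added example, not part of the vendor documentation. It parses saved `show certificate key-name` output in the layout shown above, rejoins public key values that the terminal wrapped across lines, and checks the key-name length and the 10-key limit this page states. The sample output, its shortened hex values, the reading of WORD as a whitespace-free string, and the duplicate-key check are assumptions made for illustration.

```python
import re

MAX_KEYS = 10                        # page: up to 10 RSA keys
NAME_RE = re.compile(r"^\S{1,45}$")  # page: WORD<1-45>; "no whitespace" is an assumption
HEX_RE = re.compile(r"[0-9a-fA-F]+")

# Constructed sample in the layout of the page's output. The hex values are
# short made-up placeholders, wrapped across two lines as on the page.
SAMPLE = """\
Switch:1>show certificate key-name
Key Name: pki_key
Public Key Value: 0000000000000001aa11
bb22cc33

Key Name: rsa_2048
Public Key Value: 0000000000000001dd44
ee55ff66

Key Name: backup_key
Public Key Value: 0000000000000001aa11
bb22cc33
"""

def parse_keys(text):
    """Return {key_name: hex_value}, joining hex lines wrapped by the terminal."""
    keys, name = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Key Name:"):
            name = line.split(":", 1)[1].strip()
            keys[name] = ""
        elif line.startswith("Public Key Value:") and name is not None:
            keys[name] += line.split(":", 1)[1].strip()
        elif name is not None and HEX_RE.fullmatch(line):
            keys[name] += line  # continuation of a wrapped value
    return keys

def audit(keys):
    """Return a list of findings for an inventory produced by parse_keys()."""
    findings, seen = [], {}
    if len(keys) > MAX_KEYS:
        findings.append(f"{len(keys)} keys listed, limit is {MAX_KEYS}")
    for name, value in keys.items():
        if not NAME_RE.match(name):
            findings.append(f"key-name {name!r} outside WORD<1-45>")
        if not value:
            findings.append(f"{name}: no public key value")
        elif value in seen:  # two labels sharing one key pair (added check)
            findings.append(f"{name}: same public key as {seen[value]}")
        else:
            seen[value] = name
    return findings
```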

Variable Definition

The following table defines parameters for the generate-keypair command.

Variable              Value
type rsa              Specifies the type of cryptography algorithm used to generate the key pair. The switch uses only rsa as the cryptography algorithm type.
size 2048             Specifies the size or modulus of the key pair to be generated. The switch supports only 2048.
key-name WORD<1-45>   Note: Exception: Not supported on VSP 8600 Series.
                      Specifies the key label for the RSA 2048 key to be generated. You can configure up to 10 RSA keys by specifying the key-name label. The default key-name label is rsa_2048.