RSA Key Management

Refer to the RSA Keys screen to review existing RSA key configurations that have been applied to managed devices. If an existing key does not meet the needs of a pending certificate request, generate a new key or import/export an existing key to and from a remote location.

Rivest, Shamir, and Adleman (RSA) is an algorithm for public key cryptography. The algorithm can be used for certificate signing and encryption. When a device trustpoint is created, the RSA key is the private key used with the trustpoint.

To review existing device RSA key configurations, generate additional keys, or import/export keys to and from remote locations:

  1. In the Certificate Management screen, select Launch Manager from the SSH RSA Key, RADIUS Certificate Authority, or RADIUS Server Certificate parameter.
  2. Click RSA Keys from the Certificate Management screen.
  3. Select a listed device to review its current RSA key configuration.
    Each key can have its size and character syntax displayed. Once reviewed, optionally generate a new RSA key, import a key from a selected device, export a key to a remote location, or delete a key from a selected device.
  4. Click Generate Key to create a new key with a defined size.
  5. Define the following configuration parameters required to generate the key.
    Key Name: Enter the 32-character maximum name assigned to the RSA key.
    Key Size: Set the size of the key as either 2048 (bits) or 4096 (bits). Leaving this value at the default setting of 2048 is recommended to ensure optimum functionality.
  6. Click OK to generate the RSA key.
    Click Cancel to revert to the last saved configuration.
  7. To optionally import an RSA key, select Import from the Certificate Management > RSA Keys screen.
  8. Define the following parameters required to import the RSA key:
    Key Name: Enter the 32-character maximum name assigned to identify the RSA key.
    Key Passphrase: Define the key used by both the controller or service platform and the server (or repository) of the target RSA key. Click Show to expose the actual characters used in the passphrase. When Show is not selected, the passphrase displays as a series of asterisks (****).
    URL: Provide the complete URL to the location of the RSA key. If needed, click Advanced to expand the dialog to display network address information to the location of the target key. The number of additional fields that populate the screen is dependent on the selected protocol.
    Advanced/Basic: Select either Advanced or Basic to switch between a basic URL and an advanced location to specify key location.
    Protocol: Select the protocol used for importing the target key. Available options include:
    • tftp
    • ftp
    • sftp
    • http
    • cf
    • usb1-4
    Port: Set the port. This option is not valid for cf and usb1-4.
    Host: Provide the hostname string or numeric IP address of the server used to import the RSA key. Hostnames cannot include an underscore character. This option is not valid for cf and usb1-4.

    Select IPv4 Address to use an IPv4 formatted address as the host. Select IPv6 Address to use an IPv6 formatted address as the host. IPv6 provides enhanced identification and location information for computers on networks routing traffic across the Internet. IPv6 addresses are composed of eight groups of four hexadecimal digits separated by colons.

    Path/File: Specify the path to the RSA key. Enter the complete relative path to the key on the server.
  9. Click OK to import the defined RSA key.
    Click Cancel to revert to the last saved configuration.
  10. To optionally export an RSA key, select Export from the Certificate Management > RSA Keys screen.
  11. Define the following configuration parameters required to export the RSA key:
    Key Name: Enter the 32-character maximum name assigned to the RSA key.
    Key Passphrase: Define the key used by both the controller or service platform and the server. Click Show to expose the actual characters used in the passphrase. When Show is not selected, the passphrase displays as a series of asterisks (****).
    URL: Provide the complete URL to the location of the key. If needed, click Advanced to expand the dialog to display network address information to the location of the target key. The number of additional fields that populate the screen is dependent on the selected protocol.
    Protocol: Select the protocol used for exporting the RSA key. Available options include:
    • tftp
    • ftp
    • sftp
    • http
    • cf
    • usb1-4
    Port: Set the port. This option is not valid for cf and usb1-4.
    Host: Provide the hostname string or numeric IP address of the server used to export the RSA key. Hostnames cannot include an underscore character. This option is not valid for cf and usb1-4.

    Select IPv4 Address to use an IPv4 formatted address as the host. Select IPv6 Address to use an IPv6 formatted address as the host. IPv6 provides enhanced identification and location information for computers on networks routing traffic across the Internet. IPv6 addresses are composed of eight groups of four hexadecimal digits separated by colons.

    Path/File: Specify the path to the key. Enter the complete relative path to the key on the server.
  12. Click OK to export the defined RSA key.
    Click Cancel to revert to the last saved configuration.
  13. To optionally delete a key, click Delete in the Certificate Management > RSA Keys screen.
    Provide the key name in the Delete RSA Key screen and select Delete Certificates to remove the certificate. Click OK to proceed with the deletion, or Cancel to revert to the Certificate Management screen.
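
The generate, import, and export parameters above can be checked before they are entered in the dialogs. The following is an added example, not part of the product or its documentation: a pre-flight check that applies the stated constraints (32-character key name, 2048 or 4096 bit size, no underscore in hostnames, no host or port for cf and usb1-4) and warns when the selected protocol moves the private key over a transport without encryption. The function names are hypothetical, and expanding usb1-4 to usb1 through usb4 is an assumption.

```python
# Allowed values come from the parameter descriptions above.
KEY_SIZES = {2048, 4096}
LOCAL_MEDIA = {"cf", "usb1", "usb2", "usb3", "usb4"}  # assumed expansion of "usb1-4"
NETWORK = {"tftp", "ftp", "sftp", "http"}
CLEARTEXT = {"tftp", "ftp", "http"}  # no transport encryption


def check_key_name(name):
    # Assumption: an empty name is rejected; the page states only the 32-character maximum.
    return [] if 1 <= len(name) <= 32 else ["key name must be 1-32 characters"]


def check_generate(name, size):
    """Return a list of errors for a Generate Key request."""
    errors = check_key_name(name)
    if size not in KEY_SIZES:
        errors.append(f"key size must be 2048 or 4096, got {size}")
    return errors


def check_transfer(name, protocol, path, passphrase, host=None, port=None):
    """Return (errors, warnings) for one import or export request."""
    errors, warnings = check_key_name(name), []
    if protocol in LOCAL_MEDIA:
        if host is not None or port is not None:
            errors.append(f"host and port are not valid for {protocol}")
    elif protocol in NETWORK:
        if not host:
            errors.append("host is required for a network protocol")
        elif "_" in host:
            errors.append("hostnames cannot include an underscore")
        if port is not None and not 1 <= port <= 65535:
            errors.append("port must be 1-65535")
    else:
        errors.append(f"unsupported protocol: {protocol}")
    if not path:
        errors.append("path/file is required")
    if protocol in CLEARTEXT:
        warnings.append(f"{protocol} does not encrypt the transfer; prefer sftp")
    if not passphrase:
        warnings.append("no key passphrase set")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample requests, not taken from a real deployment.
    print(check_generate("radius-srv-key", 2048))
    print(check_transfer("radius-srv-key", "tftp", "keys/radius.key", "s3cret",
                         host="key_store.example.net", port=69))
```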