Creating Certificate Signing Requests and Private Keys

Secure Socket Layer (SSL) allows you to:

Additionally, you can create certificate signing requests (CSRs)/private key pairs. The CSR can then be taken to a Certificate Authority (CA) for signing. The CA then provides the signed certificate, which can be downloaded to the switch using either of the commands listed previously.

To create a CSR, use the following command:

configure ssl csr privkeylen length country code organization org_name common-name name

To view the CSR any time after creating it, use the following command:

show ssl csr



For enhanced security, the minimum private key length is 2,048 (previously it was 1,024). This length is enforced in both private key/self-signed certificate pairs and private key/CSR pairs.