Cisco MDS 9000 Series Configuration Manual page 145

Security
Configuring Certificate Authorities and Digital Certificates
Prompts you to cut and paste the identity certificate for the CA named admin-ca.
Saving Your Configuration
Save your work when you make configuration changes; otherwise the information is lost when you exit.
Ensuring Trust Point Configurations Persist Across Reboots
The trust point configuration is a normal Cisco NX-OS configuration that persists across system reboots only
if you copy it explicitly to the startup configuration. The certificates, key-pairs, and CRL associated with a
trust point are automatically persistent if you have already copied the trust point configuration to the startup
configuration. Conversely, if the trust point configuration is not copied to the startup configuration, the
certificates, key-pairs, and CRL associated with it are not persistent since they require the corresponding trust
point configuration after a reboot. Always copy the running configuration to the startup configuration to ensure
that the configured certificates, key-pairs, and CRLs are persistent. Also, save the running configuration after
deleting a certificate or key-pair to ensure that the deletions are permanent.
The certificates and CRL associated with a trust point automatically become persistent when imported (that
is, without explicitly copying to the startup configuration) if the specific trust point is already saved in
the startup configuration.
We also recommend that you create a password-protected backup of the identity certificates and save it to an
external server (see Exporting and Importing Identity Information to PKCS12 Format, on page 127).
Note
Copying the configuration to an external server does include the certificates and key-pairs.
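The persistence rule above can be checked before a reboot by comparing the trust point stanzas of the running and startup configurations. The following Python code is an added example, not part of the Cisco guide; the sample configuration text is constructed, and it assumes trust points appear as `crypto ca trustpoint <name>` stanzas with indented sub-commands.

```python
import re

# Constructed sample text in the style of "show running-config" and
# "show startup-config" output; the stanza contents are illustrative.
RUNNING = """\
crypto ca trustpoint admin-ca
  rsakeypair SwitchA
  revocation-check crl
crypto ca trustpoint lab-ca
  rsakeypair LabKey
interface mgmt0
"""
STARTUP = """\
crypto ca trustpoint admin-ca
  rsakeypair SwitchA
interface mgmt0
"""

def trustpoints(config_text):
    """Return {trust point name: set of indented sub-commands}."""
    found, current = {}, None
    for line in config_text.splitlines():
        m = re.match(r"crypto ca trustpoint (\S+)\s*$", line)
        if m:
            current = found.setdefault(m.group(1), set())
        elif line[:1].isspace() and current is not None and line.strip():
            current.add(line.strip())
        else:
            current = None  # any other top-level line closes the stanza
    return found

def unsaved_trustpoints(running, startup):
    """Classify trust points whose startup copy is missing or stale."""
    run, start = trustpoints(running), trustpoints(startup)
    report = {}
    for name, body in run.items():
        if name not in start:
            report[name] = "missing from startup-config"
        elif body != start[name]:
            report[name] = "differs from startup-config"
    for name in start.keys() - run.keys():
        report[name] = "deleted in running-config only"
    return report

if __name__ == "__main__":
    for name, state in sorted(unsaved_trustpoints(RUNNING, STARTUP).items()):
        print(f"{name}: {state}")
```

A trust point reported as missing from the startup configuration is one whose certificates, key-pairs, and CRL would not survive a reboot until the running configuration is copied to the startup configuration.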
Monitoring and Maintaining CA and Certificates Configuration
The tasks in this section are optional. This section includes the following topics:
Exporting and Importing Identity Information to PKCS12 Format
You can export the identity certificate along with the RSA key-pair and CA certificate (or the entire chain in
the case of a subordinate CA) of a trust point to a PKCS#12 file for backup purposes. You can later import
the certificate and RSA key-pair to recover from a system crash on your switch or when you replace the
supervisor modules.
Note
The maximum number of identity certificates you can configure on a switch is 16.
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
