Generating Certificates and Private Keys in the CSS
Generating Certificates and Private Keys in the CSS
Note
Cisco Content Services Switch SSL Configuration Guide
3-4
If you have preexisting certificates and private keys, you can import them to the
CSS disk. For information on importing preexisting certificates and private keys,
see the
"Importing or Exporting Certificates and Private Keys"
If you do not have preexisting keys, Diffie-Hellman parameters, and certificates
for the CSS, the CSS includes a series of certificate and private key management
utilities to generate them. These utilities simplify the process of generating an
RSA private key, a DSA private key, a Diffie-Hellman parameter file, a certificate
signing request (CSR), and a self-signed temporary certificate.
The ssl genrsa, gencsr, gendsa, and gencert commands all produce a valid
certificate or key pair. Be aware, however, that most Web browsers will flag the
certificate as signed by an unrecognized signing authority.
A generated certificate is temporary and expires in one year. The ssl gencsr
command generates a certificate request in PKCS10 encoded in Privacy Enhanced
Mail (PEM) format.
This section covers:
Generating an RSA Key Pair
•
Generating a DSA Key Pair
•
Generating Diffie-Hellman Key Parameters
•
Using an RSA Key to Generate a Certificate Signing Request
•
Generating a Self-Signed Certificate
•
Chapter 3
Configuring SSL Certificates and Keys
section.
OL-5655-01