Generating A Self-Signed Certificate - Cisco 11503 - CSS Content Services Switch Configuration Manual

Generating Certificates and Private Keys in the CSS

Generating a Self-Signed Certificate

Note
Note
Cisco Content Services Switch SSL Configuration Guide
3-10
For purposes of SSL testing, you can generate a temporary certificate by
generating a CSR and signing it with your own private key. A generated certificate
is temporary and expires in 30 days. Use the ssl gencert command to generate and
save a temporary certificate to a file on disk in the CSS.
The ssl gencert command produces a valid certificate. However, most Web
browsers flag this certificate as signed by an unrecognized signing authority.
Before you generate the certificate, consider:
The key pair that the certificate is based on (RSA or DSA).
•
The key used to sign the certificate.
•
The ssl gencert command can sign RSA or DSA certificates with either an RSA
key pair or a DSA key pair.
Although the CSS allows signing an RSA certificate with a DSA key (and a DSA
certificate with an RSA key) it is a more standard practice that an RSA certificate
is signed with RSA keys (and DSA certificate is signed with a DSA key).
The syntax for this command is:
ssl gencert certkey certkey signkey signkey certfile "password"
The variables are:
• certkey certkey - The name of the RSA or DSA key pair on which the
certificate is based. Enter an unquoted text string with a maximum of 31
characters.
signkey signkey - The RSA or DSA key pair to be used to sign the certificate.
•
Enter an unquoted text string with a maximum of 31 characters.
certfile - The name of the file used to store the certificate as a file on the CSS.
•
Enter an unquoted text string with a maximum of 31 characters.
"password" - The password used to encode the certificate file using DES
•
(Data Encryption Standard) before it is stored as a file on the CSS. Encoding
the file prevents unauthorized access to the imported certificate and private
Chapter 3 Configuring SSL Certificates and Keys
OL-5655-01