About Cas And Digital Certificates - Cisco AP775A - Nexus Converged Network Switch 5010 Configuration Manual

S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
Configuring Certificate Authorities and Digital
Certificates
Public Key Infrastructure (PKI) support provides the means for the Cisco MDS 9000 Family switches to
obtain and use digital certificates for secure communication in the network. PKI support provides
manageability and scalability for IPsec/IKE and SSH.
This chapter includes the following sections:
•
•
•
•
•

About CAs and Digital Certificates

This section provides information about certificate authorities (CAs) and digital certificates, and
includes the following topics:
•
•
•
•
•
•
•
•
•
•
•
OL-17256-03, Cisco MDS NX-OS Release 4.x
About CAs and Digital Certificates, page 43-1
Configuring CAs and Digital Certificates, page 43-6
Example Configurations, page 43-17
Maximum Limits, page 43-36
Default Settings, page 43-37
Purpose of CAs and Digital Certificates, page 43-2
Trust Model, Trust Points, and Identity CAs, page 43-2
RSA Key-Pairs and Identity Certificates, page 43-2
Multiple Trusted CA Support, page 43-3
PKI Enrollment Support, page 43-4
Manual Enrollment Using Cut-and-Paste Method, page 43-4
Multiple RSA Key-Pair and Identity CA Support, page 43-4
Peer Certificate Verification, page 43-5
CRL Downloading, Caching, and Checking Support, page 43-5
OCSP Support, page 43-5
Import and Export Support for Certificates and Associated Key Pairs, page 43-5
C H A P T E R
Cisco MDS 9000 Family Fabric Manager Configuration Guide
43
43-1