About Cas And Digital Certificates - Cisco AP776A - Nexus Converged Network Switch 5020 Configuration Manual

S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m
Configuring Certificate Authorities and Digital
Certificates
Public Key Infrastructure (PKI) support provides the means for the Cisco MDS 9000 Family switches to
obtain and use digital certificates for secure communication in the network. PKI support provides
manageability and scalability for IPsec/IKE and SSH.
This chapter includes the following sections:
•
•
•
•
•

About CAs and Digital Certificates

This section provides information about certificate authorities (CAs) and digital certificates, and
includes the following topics:
•
•
•
•
•
•
•
•
•
•
•
OL-18084-01, Cisco MDS NX-OS Release 4.x
About CAs and Digital Certificates, page 36-1
Configuring CAs and Digital Certificates, page 36-5
Example Configurations, page 36-15
Maximum Limits, page 36-37
Default Settings, page 36-38
Purpose of CAs and Digital Certificates, page 36-2
Trust Model, Trust Points, and Identity CAs, page 36-2
RSA Key-Pairs and Identity Certificates, page 36-2
Multiple Trusted CA Support, page 36-3
PKI Enrollment Support, page 36-4
Manual Enrollment Using Cut-and-Paste Method, page 36-4
Multiple RSA Key-Pair and Identity CA Support, page 36-4
Peer Certificate Verification, page 36-4
CRL Downloading, Caching, and Checking Support, page 36-5
OCSP Support, page 36-5
Import and Export Support for Certificates and Associated Key Pairs, page 36-5
C H A P T E R
Cisco MDS 9000 Family CLI Configuration Guide
36
36-1