Cisco Content Services Switch SSL Configuration Guide
Associating Certificate and Private Key Files with Names

Verifying a Certificate Against a Key Pair
A digital certificate is built around a public key and can only be used with one key
pair. Use the ssl verify command to compare the public key in the associated
certificate with the public key stored with the associated private key, and verify
that they are identical. To see a list of certificate and key pair associations, use the
ssl verify ? command.
If the certificate does not match the public/private key pair, the CSS logs an error
message.
The syntax for this command is:
ssl verify certname keyname
The variables are:
• certname - The association name of the certificate used to verify against the
  specified key pair.
• keyname - The association name of the key pair used to verify against the
  specified certificate.
For example, to verify the myrsacert1 digital certificate against the myrsakey1 key
pair, enter:
(config)# ssl verify myrsacert1 myrsakey1
Certificate and key match
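
The same public-key comparison can be made on a workstation before the files are imported to the CSS. The following is an added example, not part of the Cisco guide or the CSS software: it assumes the OpenSSL command-line tool and PEM-encoded files, and the function name cert_matches_key, the file names and the subject name are hypothetical.

```shell
#!/bin/sh
# Added example (not Cisco code): compare the public key embedded in a PEM
# certificate with the public key derived from a PEM private key.

# cert_matches_key CERT KEY
#   exit 0 = keys identical, 1 = mismatch, 2 = a file could not be parsed
cert_matches_key() {
    cert_pub=$(openssl x509 -pubkey -noout -in "$1") || return 2
    key_pub=$(openssl pkey -pubout -in "$2") || return 2
    # Both commands emit the SubjectPublicKeyInfo in PEM form, so a plain
    # string comparison is enough and works for RSA and DSA keys alike.
    [ "$cert_pub" = "$key_pub" ]
}

# demo: builds constructed sample material (two RSA keys and a self-signed
# certificate for the first key) and reports the verdict for each pairing.
demo() {
    tmp=$(mktemp -d) || return 2
    openssl genrsa -out "$tmp/a.key" 2048 2>/dev/null
    openssl genrsa -out "$tmp/b.key" 2048 2>/dev/null
    openssl req -new -x509 -key "$tmp/a.key" -subj "/CN=css.example.test" \
        -days 1 -out "$tmp/a.crt" 2>/dev/null
    for k in a b; do
        if cert_matches_key "$tmp/a.crt" "$tmp/$k.key"; then
            echo "a.crt + $k.key: match"
        else
            echo "a.crt + $k.key: MISMATCH (status $?)"
        fi
    done
    rm -rf "$tmp"
}

demo
```

A status of 1 means the certificate was issued for a different key pair; a status of 2 means one of the files could not be read as PEM, for example because the private key is encrypted and no passphrase was supplied.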

Removing Certificates and Private Keys from the CSS

To remove certificates and private keys from the CSS that are no longer valid, use
the clear ssl file command. Note that the clear ssl file command does not function
if the file currently has an association with it. First remove the association to the
file by specifying the no ssl associate command (see the "Associating Certificate
and Private Key Files with Names" section).
The syntax for this global configuration mode command is:
clear ssl file filename password

Chapter 3 Configuring SSL Certificates and Keys
OL-5655-01