The cli -10 – HP 4100GL User Manual

Configuring Secure Socket Layer (SSL)
Configuring the Switch for SSL Operation

To Generate or Erase the Switch’s Server Certificate with the
CLI

Because the host certificate is stored in flash instead of the running-config
file, it is not necessary to use

write memory to save the certificate. Erasing the

host certificate automatically disables SSL.

CLI commands used to generate a Server Host Certificate.

Syntax: crypto key generate cert [rsa] <512 | 768 |1024>

Generates a key pair for use in the certificate.

crypto key zeroize cert

Erases the switch’s certificate key and disables SSL
operation.

crypto host-cert generate self-signed [arg-list]

Generates a self signed host certificate for the switch.
If a switch certificate already exists, replaces it with
a new certificate. (See the Note, above.)

crypto host-cert zeroize

Erases the switch’s host certificate and disables SSL
operation.

To generate a host certificate from the CLI:

i.

Generate a certificate key pair. This is done with the crypto key
generate cert

. The default key size is 512.

N o t e :

If a certificate key pair is already present in the switch, it is not necessary to
generate a new key pair when generating a new certificate. The existing key
pair may be re-used and the crypto key generate cert command does not have
to be executed

ii. Generate a new self-signed host certificate. This is done with the

crypto host-cert generate self-signed [Arg-List]

command.

N o t e :

When generating a self-signed host certificate on the CLI if there is not
certificate key generated this command will fail.

5-10