Configuring Certificate Authorities and Digital Certificates
to be not revoked if no other revocation checking methods are configured. This mode of CRL checking is
called CRL optional.
Import and Export Support for Certificates and Associated Key-Pairs
As part of the CA authentication and enrollment process, the subordinate CA certificate (or certificate chain)
and identity certificates can be imported in standard PEM (base64) format.
The complete identity information in a trust point can be exported to a file in the password-protected PKCS#12
standard format. It can be later imported to the same switch (for example, after a system crash) or to a
replacement switch. The information in a PKCS#12 file consists of the RSA key-pair, the identity certificate,
and the CA certificate (or chain).
Configuring CAs and Digital Certificates
This section describes the tasks you must perform to allow CAs and digital certificates to interoperate on your
Cisco MDS switch device. This section includes the following sections:
Configuring the Host Name and IP Domain Name
You must configure the host name and IP domain name of the switch if they are not already configured. This
is required because the switch FQDN is used as the subject in the identity certificate. Also, the switch FQDN is
used as a default key label when none is specified during key-pair generation. For example, a certificate named
SwitchA.example.com is based on a switch host name of SwitchA and a switch IP domain name of
example.com.
Caution
Changing the host name or IP domain name after generating the certificate can invalidate the certificate.
To configure the host name and IP domain name of the switch, follow these steps:
Procedure
Step 1
switch# configure terminal
switch(config)#
Enters configuration mode.
Step 2
switch(config)# hostname SwitchA
Configures the host name (SwitchA) of the switch.
Step 3
SwitchA(config)# ip domain-name example.com
Configures the IP domain name (example.com) of the switch.
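The Caution above, as an added example that is not part of the Cisco guide: a Python check that rebuilds the switch FQDN from the hostname and ip domain-name configuration lines and compares it with the CN in the identity certificate subject, so a rename that no longer matches the certificate is caught. The sample configuration, the subject string format, and all function names are assumptions constructed for illustration.

```python
import re

# Constructed sample inputs (not captured from a real switch).
RUNNING_CONFIG = """\
hostname SwitchA
ip domain-name example.com
"""
RENAMED_CONFIG = RUNNING_CONFIG.replace("hostname SwitchA", "hostname SwitchB")
# Assumed subject format; slash-separated and comma-separated DNs are accepted.
CERT_SUBJECT = "/CN=SwitchA.example.com"


def configured_fqdn(config_text):
    """Build the FQDN from the 'hostname' and 'ip domain-name' config lines."""
    host = re.search(r"^\s*hostname\s+(\S+)\s*$", config_text, re.M)
    domain = re.search(r"^\s*ip domain-name\s+(\S+)\s*$", config_text, re.M)
    if not host or not domain:
        return None  # both must be configured before key-pair generation
    return f"{host.group(1)}.{domain.group(1)}"


def subject_cn(subject_dn):
    """Extract the CN value from a '/CN=...' or 'O=..., CN=...' subject."""
    m = re.search(r"(?:^|[/,])\s*CN\s*=\s*([^/,]+)", subject_dn, re.I)
    return m.group(1).strip() if m else None


def check_identity(config_text, subject_dn):
    """Return (ok, message) comparing the configured FQDN to the cert CN."""
    fqdn = configured_fqdn(config_text)
    cn = subject_cn(subject_dn)
    if fqdn is None:
        return False, "host name or IP domain name is not configured"
    if cn is None:
        return False, "certificate subject has no CN"
    # DNS names are case-insensitive, so compare case-folded values.
    if fqdn.lower() != cn.lower():
        return False, f"configured FQDN {fqdn} does not match certificate CN {cn}"
    return True, f"configured FQDN matches certificate CN {cn}"


if __name__ == "__main__":
    for label, cfg in (("original", RUNNING_CONFIG), ("renamed", RENAMED_CONFIG)):
        print(label, check_identity(cfg, CERT_SUBJECT))
```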
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x