43
825
If both certificates 1 and 2 have been generated, use the ip https certificate
command to activate one of them.
See Keys and Certificates for information on how to display and copy this key pair.
Erasing the startup configuration or returning to factory defaults automatically
deletes the default keys and they are recreated during device initialization.
Example
The following example generates a self-signed certificate for HTTPS whose
length is 2048 bytes.
switchxxxxxx(config)#
43.6 crypto certificate request
The crypto certificate request Privileged EXEC mode command generates and
displays a certificate request for HTTPS.
Syntax
crypto certificate
number
organization
location
] [loc
Parameters
•
number
—Specifies the certificate number. (Range: 1–2)
•
The following elements can be associated with the key. When the key is
displayed, they are also displayed.
-
cn
common- name
address. (Length: 1–64 characters). If unspecified, defaults to the
lowest IP address of the device (when the certificate is generated).
-
organization-unit
ou
name. (Length: 1–64 characters)
-
organization
or
characters)
-
location
loc
characters)
crypto certificate 1 generate key-generate 2048
request
[cn common- name
state
country]
] [st
] [cu
—Specifies the fully qualified device URL or IP
—Specifies the organization-unit or department
—Specifies the organization name. (Length: 1–64
—Specifies the location or city name. (Length: 1–64
OL-32830-01 Command Line Interface Reference Guide
RSA and Certificate Commands
] [ou
organization-unit
] [or