Generating an RSA Key-Pair

RSA key-pairs are used to sign and/or encrypt and decrypt the security payload during security protocol exchanges for applications such as IKE/IPsec and SSH, and they are required before you can obtain a certificate for your switch.

To generate an RSA key-pair using Fabric Manager, follow these steps:

  1. Expand Switches > Security and then select PKI in the Information pane.
  2. Click the RSA Key-Pair tab.
  3. Click Create Row.
  4. Select the switches for which you want to create the RSA key-pair.
  5. Assign a name to the RSA key-pair.
  6. Select the Size or modulus values. Valid modulus values are 512, 768, 1024, 1536, and 2048.
  7. Note     The security policy (or requirement) at the local site (MDS switch) and at the CA (where enrollment is planned) are considered in deciding the appropriate key modulus.

    Note     The maximum number of key-pairs you can configure on a switch is 16.

  8. Check the Exportable check box if you want the key to be exportable.
  9. Caution    

    The exportability of a key-pair cannot be changed after key-pair generation.

    Note     Only exportable key-pairs can be exported in PKCS#12 format.

  10. Click Create to create the RSA Key-Pair or click Close if you do not want to create the RSA key-pair.


Copyright © 2002-2007, Cisco Systems, Inc. All rights reserved.