Dell EMC SmartFabric OS10 User Guide Release 10.5.0

• request — Create a certificate signing request to copy to a CA.

• self-signed — Create a self-signed certificate.

• cert-file cert-path — (Optional) Enter the local path where the self-signed certificate or CSR is stored. You can enter a full path or a relative path; for example, flash://certs/s4810-001-request.csr or usb://s4810-001.crt. If you do not enter the cert-file option, the system interactively prompts you to fill in the remaining fields of the certificate signing request. Export the CSR to a CA using the copy command.

• key-file {key-path | private} — Enter the local path where the downloaded or locally generated private key is stored. If the key was downloaded to a remote server, enter the server path using a secure method, such as HTTPS, SCP, or SFTP. Enter private to store the key in a local hidden location.

• country 2-letter-code — (OPTIONAL) Enter the two-letter code that identifies the country.

• state state — Enter the name of the state.

• locality city — Enter the name of the city.

• organization organization-name — Enter the name of the organization.

• orgunit unit-name — Enter name of the unit.

• cname common-name — Enter the common name assigned to the certificate. Common name is the main identity presented to connecting devices. By default, the switch’s host name is the common name. You can configure a different common name for the switch; for example, an IP address. If the common-name value does not match the device’s presented identity, a signed certificate does not validate.

• email email-address — Enter a valid email address used to communicate with the organization.

• validity days — Enter the number of days that the certificate is valid. For a CSR, validity has no effect. For a self-signed certificate, the default is 3650 days or 10 years.

• length bit-length — Enter a bit value for the keyword length. For FIPS mode, the range is from 2048 to 4096; for non-FIPS mode, the range is from 1024 to 4096. The default key length for both FIPS and non-FIPS mode is 2048 bits. The minimum key length value for FIPS mode is 2048 bits. The minimum key length value for non-FIPS mode is 1024 bits.

• altname altname — Enter an alternate name for the organization; for example, using the IP address such as altname IP:192.168.1.100.

If you enter the cert-file option, you must enter all the required parameters, including the local path where the certificate and private key are stored.

You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank.
For some fields there will be a default value; if you enter '.', the field will be left blank.
Country Name (2 letter code) [US]:
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:San Francisco
Organization Name (eg, company) []:Starfleet Command
Organizational Unit Name (eg, section) []:NCC-1701A
Common Name (eg, YOUR name) [hostname]:S4148-001
Email Address []:scotty@starfleet.com

If the system is in FIPS mode — crypto fips enable command — the CSR and private key are generated using approved algorithms from a cryptographic library that has been validated against the FIPS 140-2 standard. You can install the FIPS-compliant certificate-key pair using the crypto cert install command with the fips option.

OS10# crypto cert generate request cert-file home://cert1.pem key-file home://cee OS10-VM email admin@dell.com length 1024 altname DNS.dell.com
Processing certificate ...

Successfully created CSR file /home/admin/cert1.pem and key

OS10# crypto cert generate self-signed cert-file home://cert2.pem key-file home:e OS10-VM email admin@dell.com length 1024 altname.dell.com validity 365
Processing certificate ...

Successfully created certificate file /home/admin/cert2.pem and key