Manualshelf

API Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S3048-ON
1011101210131014101510161017101810191020
请求并安装主机证书
在为群集应用程序替换默认的证书密钥对时请确保群集中的所有设备都使用相同的自定义证书密钥对或同一 CA 颁发的唯一证书密
钥对。
小心: 当您替换默认的证书密钥对时群集设备将暂时丢失其安全通道连接。Dell EMC Networking 建议您在维护时间内更改群
集安全配置。
本示例显示如何为群集应用程序安装 X.509v3 CA 和主机证书密钥对。有关详情请参阅
导入和安装 CA 证书 请参阅管理 CA 证书
生成 CSR 并安装主机证书 请参阅请求和安装主机证书
1. 安装受信任的 CA 证书。
OS10# copy tftp://CAadmin:secret@172.11.222.1/GeoTrust_Universal_CA.crt
home:// GeoTrust_Universal_CA.crt
OS10# crypto ca-cert install home://GeoTrust_Universal_CA.crt
Processing certificate ...
Installed Root CA certificate
CommonName = GeoTrust Universal CA
IssuerName = GeoTrust Universal CA
2. 生成 CSR CSR 复制到 CA 服务器、下载签名的证书并安装主机证书。
OS10# crypto cert generate request cert-file home://s4048-001.csr key-file home://tsr6.key
cname "Top of Rack 6" altname "IP:10.0.0.6 DNS:tor6.dell.com" email admin@dell.com
organization "Dell EMC" orgunit Networking locality "Santa Clara" state California country US
length 1024
Processing certificate ...
Successfully created CSR file /home/admin/tor6.csr and key
OS10# copy home://tor6.csr scp://CAadmin:secret@172.11.222.1/s4048-001-csr.pem
OS10# copy scp://CAadmin:secret@172.11.222.1/s4048-001.crt usb://s4048-001.crt
OS10# crypto cert install crt-file usb://s4048-001.crt key-file usb://s4048-001.key
This will replace the already installed host certificate.
Do you want to proceed ? [yes/no(default)]:yes
Processing certificate ...
Host certificate installed successfully.
3. 配置 X.509v3 安全配置文件。
OS10# show crypto cert
-------------------------------------
| Installed non-FIPS certificates |
-------------------------------------
s4048-001
-------------------------------------
| Installed FIPS certificates |
-------------------------------------
OS10# config terminal
OS10(config)# crypto security-profile secure-cluster
OS10(config-sec-profile)# certificate s4048-001
OS10(config-sec-profile)# exit
4. 配置群集安全配置文件
OS10(config)# cluster security-profile secure-cluster
OS10(config)# exit
安全性
1011