
Changing the ssl server certificate key size – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual


Changing the SSL server certificate key size

The default key size for Brocade-issued and imported digital certificates is 1024 bits. If desired, you
can change the default key size to a value of 512, 2048, or 4096 bits. To do so, enter a command
such as the following at the Global CONFIG level of the CLI.

Brocade(config)#ip ssl cert-key-size 512

Syntax: ip ssl cert-key-size <512 | 1024 | 2048 | 4096>

NOTE
The SSL server certificate key size applies only to digital certificates issued by
Brocade and does not apply to imported certificates.

Support for SSL digital certificates larger than 2048 bits

Brocade devices have the ability to store and retrieve SSL digital certificates that are up to 4000 bits in
size.

Support for SSL certificates larger than 2048 bits is automatically enabled. You do not need to perform
any configuration procedures to enable it.

Importing digital certificates and RSA private key files

To allow a client to communicate with a Brocade device using an SSL connection, you configure a
set of digital certificates and RSA public-private key pairs on the device. A digital certificate is used for
identifying the connecting client to the server. It contains information about the issuing Certificate
Authority, as well as a public key. You can either import digital certificates and private keys from a
server, or you can allow the Brocade device to create them.

If you want to allow the Brocade device to create the digital certificates, refer to the next section,
Generating an SSL certificate on page 75. If you choose to import an RSA certificate and private key
file from a client, you can use TFTP to transfer the files.

For example, to import a digital certificate using TFTP, enter a command such
as the following:

Brocade(config)#ip ssl certificate-data-file tftp 192.168.9.210 certfile

Syntax: [no] ip ssl certificate-data-file tftp ip-address certificate-filename

To import an RSA private key from a client using TFTP, enter a command such
as the following:

Brocade(config)#ip ssl private-key-file tftp 192.168.9.210 keyfile

Syntax: [no] ip ssl private-key-file tftp ip-address key-filename

The ip-address is the IP address of a TFTP server that contains the digital
certificate or private key.

NOTE
The RSA key can be up to 4096 bits.
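Before pushing a key file to the switch with ip ssl private-key-file, it is worth confirming that its modulus is one of the sizes the guide lists (512, 1024, 2048 or 4096 bits) rather than discovering a mismatch at import time. The pre-flight check below is an added example, not code from the guide or from Brocade; it assumes the key file is a PKCS#1 "RSA PRIVATE KEY" PEM (the guide does not state the file encoding), and the sample_pkcs1_pem helper builds a constructed, non-functional key of a chosen size purely to exercise the check offline.

```python
import base64
import re

# Key sizes the guide says the switch accepts (ip ssl cert-key-size; imported RSA key <= 4096 bits).
SUPPORTED_KEY_SIZES = (512, 1024, 2048, 4096)

def _read_tlv(buf, pos):
    """Decode one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def rsa_private_key_bits(pem_text):
    """Modulus size in bits of a PKCS#1 'RSA PRIVATE KEY' PEM file (assumed import format)."""
    m = re.search(r"-----BEGIN RSA PRIVATE KEY-----(.*?)-----END RSA PRIVATE KEY-----", pem_text, re.S)
    if not m:
        raise ValueError("no PKCS#1 RSA PRIVATE KEY block found")
    tag, seq, _ = _read_tlv(base64.b64decode("".join(m.group(1).split())), 0)
    if tag != 0x30:
        raise ValueError("expected a DER SEQUENCE")
    # RSAPrivateKey ::= SEQUENCE { version INTEGER, modulus INTEGER, publicExponent INTEGER, ... }
    _, _, pos = _read_tlv(seq, 0)           # skip version
    tag, modulus, _ = _read_tlv(seq, pos)
    if tag != 0x02:
        raise ValueError("modulus is not an INTEGER")
    return int.from_bytes(modulus, "big").bit_length()   # a leading 0x00 pad byte does not matter

def check_key_for_import(pem_text):
    """Return (bits, accepted): accepted is True only for a size the switch supports."""
    bits = rsa_private_key_bits(pem_text)
    return bits, bits in SUPPORTED_KEY_SIZES

def _der(tag, value):
    """Minimal DER TLV encoder, used only to build the constructed sample below."""
    n = len(value)
    lb = b"" if n < 0x80 else n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, n if n < 0x80 else 0x80 | len(lb)]) + lb + value

def _der_int(v):
    return _der(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))  # +8 keeps a 0x00 sign byte

def sample_pkcs1_pem(bits):
    """Constructed PKCS#1 PEM (not a real key): correct modulus size, dummy 1s for the other fields."""
    n = (1 << (bits - 1)) | 1
    seq = _der_int(0) + _der_int(n) + _der_int(65537) + b"".join(_der_int(1) for _ in range(6))
    b64 = base64.b64encode(_der(0x30, seq)).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN RSA PRIVATE KEY-----\n{body}\n-----END RSA PRIVATE KEY-----\n"
```

Note that the device's 1024-bit default and 512-bit option are both below the 2048-bit minimum current key-management guidance recommends, so compare the reported size against your own policy as well as the device limit.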

Changing the SSL server certificate key size

74

FastIron Ethernet Switch Security Configuration Guide

53-1003088-03