This document discusses secure remote management options for network devices. It describes how SSH and SSL can be used to securely manage devices via encrypted connections. SSH provides encrypted terminal sessions similar to Telnet, while SSL allows secure management via standard web browsers. The document outlines features of SSH including encryption, authentication, and tunneling of insecure connections. It also provides an overview of how SSL establishes secure communications on insecure networks like the Internet.
2. Secure Management
• Secure management is increasingly important in
modern networks, as the ability to easily and
effectively manage switches and the requirement for
security are the two almost universal requirements.
• Traditionally, switches are managed using either
remote terminal sessions via the Telnet protocol or
management via SNMP.
• Both of these methods have serious security
problems—they are only protected by clear text
reusable passwords.
4. Secure Management - Solutions
• Methods to ensure secure management:
– Access Control and Security - Defining access rules on the
device.
– AAA security services - using usernames and/or passwords
to authenticate the user’s identity and access (authorization)
level.
– Using encryption methods, checksum and hash
algorithms and/or digital signature.
• Access Control & Security and AAA are explained in
other presentations
5. Security Building Blocks
• Encryption provides
– confidentiality, can provide authentication and integrity
protection
• Checksums/hash algorithms provide
– integrity protection, can provide authentication
• Digital signatures provide
– authentication, integrity protection, and non-repudiation
• Demands for management security and control of the
networking devices touch all areas of the enterprise.
6. Secure Management Options
• The Secure Shell (SSH) protocol provides
encrypted and strongly authenticated remote login
sessions, similar to the Telnet protocol, between a
device running a Secure Shell server and a host
(PC) with a Secure Shell client.
• The Secure Socket Layer (SSL) has been
universally accepted on the World Wide Web for
authenticated and encrypted communication
between client and server applications.
Therefore, SSL allows secure management of the
networking devices via a standard web browser.
8. SSH protocol features
• Secure connection between one client and one
server
• Client, server, user and message authentication
• Uses “keys” (public and private) to authenticate
user and to negotiate session (encrypt/decrypt)
key – which is shared
• Allows “tunneling” of insecure connections
through the secure SSH channel
• Secure Shell replaces Telnet for remote terminal
sessions. Secure Shell is strongly authenticated
and encrypted.
9. How does SSH Tunneling work?
[Diagram in three stages. Each stage shows a Client and a Router, each with a Loopback I/F and a Network I/F.]
• Insecure: the Telnet application on the client connects to Telnetd (port 23) on the router. This telnet connection is transmitted in the clear – data and passwords are insecure!
• Set up SSH port forwarding from the client to the server: the SSH application on the client (port 2023) connects to SSHd (port 22) on the router.
• The result – a secure connection! The Telnet application reaches Telnetd (port 23) through the secure SSH-to-SSHd channel (client port 2023, router port 22). The links to the Network I/F are labelled "Never Transmitted!".
10. What is SSL?
• Secure Sockets Layer (SSL) is a protocol designed to
enable secure communications on an insecure network
such as the Internet
• SSL provides encryption and integrity of communications
along with strong authentication using digital certificates.
11. Introduction to SSL
• The Secure Sockets Layer – SSL, was originally developed by
Netscape Communications and was based on encryption
algorithms developed by RSA Security.
• This is a security protocol that provides communications
privacy over the Internet.
• SSL has been universally accepted on the World Wide Web
for authenticated and encrypted communication between
client and server applications.
• The new Internet Engineering Task Force (IETF) standard
called Transport Layer Security (TLS) is based on SSL
12. SSL/TLS
• SSL and TLS are standards for how to secure TCP/IP
communications
• As of the latest revision, TLS is the official name for what
used to be called SSL. However, SSL is still the word most
frequently used.
• TLS is a layer on top of the TCP layer
13. SSL/TLS
[Diagram: protocol stacks, top to bottom]
Not secure: HTTP / TCP / IP
Secure: HTTP / TLS / TCP / IP
15. SSH-1 vs SSH-2
• SSH-2 and SSH-1 are incompatible, but some servers
have a compatibility mode
• SSH-2 is more secure (stronger encryption and
authentication) and allows more detailed configuration
• SSH-1 has a wider license, and transfers files 4 times as
fast
• AT - 8000S implements SSH-2 only
16. AT - 8000S SSH Implementation
• Inbound Secure Shell connections (server mode).
• RSA keys (proprietary, but commonly used) and
DSA keys (US government standard) are both
supported.
• The keys are not saved as part of the configuration
file, but are saved in the flash.
• When the configuration file is copied, the keys are
not copied along with it
• The public part of the key is up to 2048 bits.
17. SSH Implementation
• Four types of encryption are supported: 3DES, Arcfour
(RC4), AES and Blowfish.
• The type of encryption is agreed upon between the client
and server; it is not configured within the device
• Implements direct SSH session without telnet tunneling
• Up to 4 concurrent SSH (or telnet) sessions are supported
• Ability to authenticate Client public key
18. SSH Procedure
• If needed, enable SSH on the device (the default is
Disabled)
• If needed, define (protocol) port (default is port 22)
• Create either a DSA or RSA pair of keys. Generating
the key may take a short while
• If desired – authenticate Client’s public key.
Alternate user authentication is via the AAA
• If the user requests a new key, every new session will get
the new key. All running sessions will keep the old
key.
• PC Side:
– Define keys (if needed)
– Define authentication method (if needed)
– Connect to the device via IP defined on device.
20. SSH CLI – Server and Port
• Use the following Global Mode command to enable SSH
on the device. The “no” form of this command disables
this function.
ip ssh server
no ip ssh server
Note: If encryption keys were not generated the SSH server
will be in standby, until the keys are generated.
• Use the following Global Mode command to specify the
TCP port to be used by the SSH server. The “no” form of
the command returns setting to default port (port 22):
ip ssh port port-number
no ip ssh port
21. CLI SSH – Generating Keys
• Use one or both of the following Global Mode commands to
generate encryption key pairs (one public, one private):
crypto key generate rsa
crypto key generate dsa
• Generation of keys may take some time
Note: The keys are not saved in the router configuration
(never displayed to the user or backed up to another
device); However, the generated keys are saved in the
flash, and saved across reboots
22. CLI SSH – Example
console# con
console(config)# ip ssh server
console(config)# ip ssh port 22
console(config)# crypto key generate rsa
Replace Existing RSA Key [y/n]? y
01-Jan-2000 01:25:45 %SSHD-I-KEYGENRSA: The SSH
service is generating a private
RSA key.
This may take a few seconds, depending on the key size
console(config)#
23. CLI SSH – Show SSH
• Use the following EXEC Mode command to view SSH
configuration on the device:
show ip ssh
console# sh ip ssh
SSH Server enabled. Port: 22
RSA key was generated.
DSA(DSS) key was generated.
SSH Public Key Authentication is disabled.
Active incoming sessions:
IP address SSH username Version Cipher Auth Code
----------------- -------------- ----------- ----------- --------------
24. CLI SSH – Show Public Keys
• Use the following EXEC Mode command to view this
device public key(s) – created by “crypto key generate”
command
show crypto key mypubkey [rsa|dsa]
console# show crypto key mypubkey rsa
rsa key data:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAr/f0fColXgSESRC/4h5zn6t3
CohlzF3w0YCSewm1wYjenCWWyyknfQj9zyeOdgy9j1s5fK9YZncmAGbN+
……
…..
jxOAZHLIQhqka1nfsQ==
Fingerprint(hex): 39:d1:66:41:2b:41:3f:aa:cb:c7:e7:37:a4:89:aa:12
Fingerprint(bubbleBabble): xefam-cybem-bozyr-culiz-kesug-kucud-vivab-
folun-tuhih-nakoh-zyxyx
25. CLI SSH – Key Authentication
• Use the following Global Mode command to enable
client’s public key authentication for incoming SSH
sessions. The no form of the command disables
authentication:
ip ssh pubkey-auth
no ip ssh pubkey-auth
• Use the following command to enter public key
configuration mode (so you can manually specify other
devices’ public keys):
crypto key pubkey-chain ssh
26. CLI SSH – Key Authentication
• Use the following Public Key-chain Mode command to
specify which SSH public key you will configure manually
on the device. The “no” form removes the key:
user-key username {rsa| dsa}
no user-key username
• Follow this command with the key-string command to
specify the key
27. CLI SSH – Key Authentication
• Use one of the following Public Key-string Mode commands
to specify the SSH public key of another device:
key-string row word
key-string <sequence>
• Row option – command can be used repeatedly to enter
the full key string (see example). Exiting command mode
indicates end of key.
• <sequence> - user can enter key segment by segment –
until <enter> key is pressed twice (see example)
28. CLI SSH – Key Authentication
• Example – entering RSA user-key key-string (row):
console(config)# crypto key pubkey-chain ssh
console(config-pubkey-chain)# user-key David rsa
console(config-pubkey-key)# key-string row AAAAB3NzaC1yc2EAAAAD
<enter>
console(config-pubkey-key)# key-string row
AQABAAAAgQCJB1P0qq0nk/<enter>
…..
console(config-pubkey-key)# exit
console(config-pubkey-chain)#
Note – device will inform if process was not successful
29. CLI SSH – Key Authentication
• Example – entering RSA user-key key-string (regular
sequence):
console(config)# crypto key pubkey-chain ssh
console(config-pubkey-chain)# user-key george rsa
console(config-pubkey-key)# key-string
AAAAB3NzaC1yc2EAAAAD <enter>
AQABAAAAgQCJB1P0qq0nk/<enter>
….
<enter> <enter>
Fingerprint: 52:92:fc:94:da:1e:ba:2d:4c:00:87:b0:cb:86:12:36
console(config-pubkey-key)#
Note – device will inform if process was not successful
30. CLI – Show Key Authentication
• Use the following EXEC Mode command to view SSH public keys (of
clients) stored on the device:
show crypto key pubkey-chain ssh [username username] [fingerprint bubble-
babble | hex]
Parameters
Username – of the remote SSH client
Fingerprint – bubble-babble or hex, specifies the “signature shortcut”
method of the key
console# show crypto key pubkey-chain ssh
Username Fingerprint
-------------- ---------------------------------------------------------------
George 4e:de:4d:1c:33:43:57:14:6b:aa:29:0d:d0:41:3f:a7
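The key-entry and fingerprint steps of slides 24 to 30 can be prepared and checked on the management PC before anything is typed into the switch. The following is an added example, not code from the presentation or the vendor: it parses an OpenSSH `ssh-rsa` public key line, enforces the 2048-bit limit stated on slide 16, splits the key into `key-string row` commands, and computes a colon-separated hex fingerprint to compare with the one the device prints. Assumptions: the 16-byte hex fingerprint is the conventional MD5 digest of the key blob, the 64-character segment length is an arbitrary choice, and the sample key is constructed for illustration only.

```python
import base64
import hashlib
import struct

MAX_KEY_BITS = 2048  # slide 16: "The public part of the key is up to 2048 bits"


def read_string(blob, offset):
    """Read one SSH wire-format string: 4-byte big-endian length, then the bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob (length field)")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob (field body)")
    return blob[offset + 4:end], end


def parse_rsa_public_key(openssh_line):
    """Parse 'ssh-rsa <base64> [comment]' and return (blob, exponent, modulus_bits)."""
    fields = openssh_line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("expected an 'ssh-rsa' public key line")
    blob = base64.b64decode(fields[1], validate=True)
    key_type, pos = read_string(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key type inside the blob is not 'ssh-rsa'")
    e_bytes, pos = read_string(blob, pos)
    n_bytes, pos = read_string(blob, pos)
    if pos != len(blob):
        raise ValueError("trailing bytes after the RSA modulus")
    exponent = int.from_bytes(e_bytes, "big")
    modulus = int.from_bytes(n_bytes, "big")
    return blob, exponent, modulus.bit_length()


def hex_fingerprint(blob):
    """Colon-separated MD5 of the key blob (assumed to match the device's hex form)."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def key_string_rows(openssh_line, username, segment=64):
    """Return (CLI lines for the pubkey-chain entry, expected hex fingerprint)."""
    blob, _exponent, bits = parse_rsa_public_key(openssh_line)
    if bits > MAX_KEY_BITS:
        raise ValueError(f"{bits}-bit key exceeds the device limit of {MAX_KEY_BITS}")
    b64 = openssh_line.split()[1]
    lines = ["crypto key pubkey-chain ssh", f"user-key {username} rsa"]
    lines += [f"key-string row {b64[i:i + segment]}"
              for i in range(0, len(b64), segment)]
    lines.append("exit")  # slide 27: exiting the mode marks the end of the key
    return lines, hex_fingerprint(blob)


def wire_string(data):
    return struct.pack(">I", len(data)) + data


def wire_mpint(value):
    # The extra byte guarantees a leading zero whenever the top bit is set.
    return wire_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))


def sample_key_line(bits=1024, comment="david@example"):
    """CONSTRUCTED key line: correct wire structure, but not a real RSA modulus."""
    filler = int.from_bytes(hashlib.sha256(b"constructed sample").digest(), "big")
    modulus = (1 << (bits - 1)) | filler | 1
    blob = wire_string(b"ssh-rsa") + wire_mpint(65537) + wire_mpint(modulus)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"


if __name__ == "__main__":
    cli, fingerprint = key_string_rows(sample_key_line(), "David")
    print("\n".join(cli))
    print("Compare with 'show crypto key pubkey-chain ssh':", fingerprint)
```

If the fingerprint printed by the device differs from the one computed locally, the key was mistyped or altered in transit and the entry should be removed with `no user-key username`.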
32. SSL Spec
• SSL is used to provide communication privacy over the Internet.
• It is used to support security in the AT - 8000S Embedded Web
Server (EWS).
• SSL provides encryption and integrity of communications along
with strong authentication using digital certificates.
• Initially, client and device will exchange messages to synchronize
on the security policy and public key/certificates, and will
authenticate each other. After that, they agree on a session key,
which will be used to encrypt /decrypt the data
33. SSL Spec
• RSA generated public and private keys
• Supported SSL versions are: TLS1, V3
• Certificate currently not registered with 3rd party certificate
authority.
• The same libraries used for SSH encryption are used for
SSL encryption
• Up to 12 SSL sessions are available (but only 4 WEB)
• HTTP and HTTPS can be used concurrently
34. SSL Process
• At the onset of the secure session, there is an “SSL
handshake” between the user and the EWS. The handshake
involves:
– Negotiation of the cipher suite
– Establishment of a shared session
– Authentication of the server (Certificate – if 3rd party exists)
– Authentication of the client (optional via AAA)
– Authentication of data
35. SSL User Controls
• User can:
– Enable https server on the device (default is disabled)
– Define HTTPS port (Default is 443)
– Generate certificate to use
– Create public and private key
37. CLI – Enabling HTTPS Server
• Use the following Global Configuration command to enable
the device to be configured from a secured browser. Use
the “no” form of this command to disable this function
(default is disabled):
ip https server
no ip https server
• Use the following Global Configuration command to define
the TCP port to use by a secure web browser to configure
the device. Use the “no” form of this command to return to
the default port (443):
ip https port port-number
no ip https port
38. CLI – Creating SSL Certificate and Keys
• Use the following Global Configuration command to
generate an HTTPS certificate for your device. This
command also can (optionally) generate a pair of keys
(public and private):
crypto certificate [number] generate [key-generate [length]]
[passphrase string] [cn common-name] [ou organization-unit] [o
organization] [l location] [st state] [c country] [duration days]
number—Specifies the certificate number. (Range: 1 - 2)
If number is unspecified, it defaults to 1.
key-generate—Regenerate SSL RSA key.
length—Specifies the SSL RSA key length. (Range: 512 - 2048)
If length is unspecified, it defaults to 1024.
passphrase string—Passphrase that is used for exporting the
certificate in PKCS12 file format. If unspecified the
certificate is not exportable.
39. SSL Certificate and Keys (Cont.)
cn common-name—Specifies the fully qualified URL or IP address
of the device. If unspecified, defaults to the lowest IP
address of the device (when the certificate is generated).
ou organization-unit—Specifies the organization-unit or department name.
o organization—Specifies the organization name.
l location—Specifies the location or city name.
st state—Specifies the state or province name.
c country—Specifies the country name.
duration days—Specifies number of days a certification would be valid.
If unspecified defaults to 365 days.
40. SSL Certificate and Keys (Cont.)
Console(config)# crypto certificate 1 generate key-generate
The command is not saved in the router configuration; however,
the certificate and keys generated by this command are saved in
the private configuration, which is never displayed to the user or
backed up to another device.
41. CLI - Certificate Request
• Use the following privileged EXEC mode command to
export a certificate request to a Certification Authority.
crypto certificate number request common-name [ou
organization-unit] [o organization] [l location] [st state] [c
country]
number—Specifies the certificate number. (Range: 1 - 2)
common-name—Specifies the fully qualified URL or IP address of the device.
ou organization-unit—Specifies the organization-unit or department name.
o organization—Specifies the organization name.
l location—Specifies the location or city name.
st state—Specifies the state or province name.
c country—Specifies the country name.
42. Certificate Request (Cont.)
• The certificate request is generated in Base64-encoded
X.509 format.
• Before issuing a certificate request you must first generate
a self-signed certificate using the “crypto certificate
generate” global configuration command.
• After receiving the certificate from the Certification
Authority, use the “crypto certificate import” global
configuration command to import the certificate into the
device. This certificate would replace the self-signed
certificate.
44. CLI - Importing a Certificate
• Use the following Global Configuration command to accept
an external certificate (signed by Certification Authority) to
the device:
crypto certificate number import
number—Specifies the certificate number. (Range: 1 - 2)
• The imported certificate must be based on a certificate
request created by the “crypto certificate request”
privileged EXEC command.
• If the public key found in the certificate does not match the
device's SSL RSA key, the command will fail.
45. Importing a Certificate (Cont.)
• This command is not saved in the router configuration;
however, the certificate imported by this command is saved
in the private configuration (which is never displayed to the
user or backed up to another device).
Console(config)# crypto certificate 1 import
46. Activate Certificate for HTTPS
• Use the following Global Configuration command to specify the
HTTPS certificate to use on the device:
ip https certificate number
number—Specifies the certificate number. (Range: 1 - 2)
• To remove a certificate:
no ip https certificate
Console (config)# ip https certificate 1
• Before using this command, use the crypto certificate generate
command in order to generate an HTTPS certificate.
47. CLI – HTTPS Show Commands
• Use the following Privileged EXEC command to view
HTTPS server configuration:
show ip https
• Use the following Privileged EXEC command to view the
SSL certificate of your device:
show crypto certificate mycertificate [number]