Cisco Nexus Install/uninstall external CA Signed PKI Certificate in trustpoint| create rsakeypair

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hi everyone in this video I will be demonstrating how to install PK certificate in Cisco Nexus OS help using Microsoft CA for signing the request from Nexus wise and I will show how to install it in the device I'll be covering both cases how to install and remove why I am covering remove PK cert is the command is going to be little different from install if you give note to the install command it is not going to remove the certificates so we will start configuring first stop is to create a test point so the command is going to be cut o PK a sorry the current is Kryptos see a trust point I'll call trust point us CA 0 1 then we need to create RSA key pair is a key pair we can create as a key pair I call the kiparis key 0 1 then we need to give 2048 if you don't give 2048 it'll by default create fight world by key length key and certain CS will reject with that key length and we will get error now you need to configure enrollment terminal it supports only terminal enrollment now to check the RSA key pair which we created the commanders show crypto key RSA you can see the key label key zero one key sizes 2048 now if you another way to create RSA key pair is the genic method crypto key generate a modulus so before modulus will give a label here so that we can identify the key I'll call this e 0 2 then modulus 2048 now we can see two keys to delete the second key which we have created the commander's crypto the zeroes RSA the name key zero - once you give that a little eat okay now if you give the show crypto key my pug RSA will get only the first key which you have created now if you want to see the plus point configuration so crypto CA trust point you can see it is associated with key pair key zero one and in running configuration you can see the confit by default it has added the Ovation checks here so this is a conflict needed for initial configurator for installing PK certificate but if you see show to see certificates you can see there is no certificates in charter now to install the certificate first we will download the CA certificate to download this install the CA certificate the command is crypto CA authenticate the trust point name what we gave is ca 0 1 will give that name now we need to paste the content of certificate and give end of input to download the CA certificate I'll go to microsoft CA I'll select basicity for download CA certificate okay it is saving as cert you not see here once I go to this folder I can see the file I'll rename this to see a dot CER now I am into that folder in my terminal so copy the complete content I said I'll give end of input yeah won't say give enter this asking do you ice of the certificate alchemy yes you can even verify the fingerprint now show crypto CA certificates you can see the see a certificate now now we need to generate a CSR from our Nexus device for that the command is crypto see you in door again we need to give a transfer name see is 0-1 so it is in secure environment you can give a password so that whenever the CI add mint evokes a certificate they are to use this password for revoking now switch serial number if you want to include you can give yes yeah I got the CSR I'll copy the CSR content need to go to see a request a certificate so I'll put a manual request to my CA I'll select web server submit I'll select pay 64 encoding download the certificate yeah again it is saving a certain you're not CER givius come to my download folder I'll rename this to signed dot CER VI sign dot see ya I will copy the content we'll install the new certificate the commander's crypto C import the trust point name CU 0 1 certificate enter is the content yeah it successfully install the certificate now to verify the certificate show crypto CA certificates now I can see my Nexus devices having a certificate that this was a hostname of my Nexus device this was the domain name IP domain name I configured here to me say that this is a hostname this is my IP dominate with these details it has created a certificate and installed it in my Nexus now to remove the certificate you will try some commands first we will see what are we getting first we'll try giving no see a tres point will be getting an error yeah so what it is saying not as I keep here associated to trust point so disassociated first so we'll go to trust point and try to disassociate our key pair yeah now I am getting error saying that this associating RSI keeper not alone when identity certificate exists [Applause] no I'll try crypto key keys little one RSA is it over yeah see the here also I am getting the error saying that keeper already associated with the certificate exist photos point so we cannot delete it so what it is saying that is a certificate in my trust point we need to delete the certificates first for deleting the certificate and go to my first point there we do keep delete once you give delete you can see multiple commands but certificate CA certificate will try to delete certificate delete certificate here I will be getting please use force option a flicker so for deleting it force now I need to delete even CA certificate otherwise it won't allowed to delete my trust point configuration now do you delete CA certificate now this one now I need to remove the RSA key pair from the trust point ya know I'll say keep it also as well no need to come out and delete that last point now if you see the configuration there is no trust point configuration but still make key one crypto key exists because I haven't deleted this if you want to verify that so good to see a crypto key or a set yeah you can see my key still exists to delete this crypto key is it all know will give shorten ya know yeah everything is rewarded Emily yeah I hope this video was helpful for you to understand basics of how to install a PK certificate in Nexus and how to delete it if you find any better way please put it in the comment box thanks for watching see you in the next video
Info
Channel: NetworkEvolution
Views: 1,683
Rating: undefined out of 5
Keywords: nexus certificate signed by unknown authority, cisco nexus pki, cisco nexus certificate from ca, cisco nexus csr install, cisco nexus trustpoint configuration, nexus rsa keypair generation, cisco nexus install ca certificate in trustpoint, install external signed cert in pki, pki configuration in nexus, nexus remove trustpoint config, cisco nexus delete rsa keypair, delete ca certificate cisco nexus
Id: hFZGh6RZiCc
Channel Id: undefined
Length: 12min 38sec (758 seconds)
Published: Sun Mar 31 2019
Related Videos
Layer 2 Switching & VLANs | Cisco CCNA 200-301
Keith Barker
72K
Cisco ISE : Installing External CA Signed Certificate | STEP BY STEP
Doctor Networks
3.2K
(no) service timestamps: A CCNA 200-301 Command Reference
Chris Bryant
568
Cisco SDA - Building the SDA Fabric using Discovery and LAN Automation
Terry Vinson CCIEx2
1.3K
Public Key Infrastructure PKI Concepts
RadwanoVetch
217K
How To Configure PKI for Microsoft SCCM to Use HTTPS/SSL Instead of HTTP
Patch My PC
97K
Certificates and Certificate Authority Explained
Hussein Nasser
40K
Certificate Installation for Using Cisco Unified Border Element (CUBE) for Direct Routing
Cisco
3.4K
Networking Command Line Tools
NaturalSnaps
1.5M
Cisco Meeting Server (Part 1 of 4)
Vik Malhi
14K
Cisco WLC SSL (2018)
October Leaf
4.3K
Setup and Configure Root CA PKI Certificate Server 2016
Carson Cloud
9.2K
Cisco Automation using Ansible Playbook Part3: Create Inventory group for SSH Key authentication
NetworkEvolution
377
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.