Comments on certificate fields

There are a number of arguments used in the generation of a server certificate. The following table describes these arguments.

Certificate field descriptions

Field Name

Description

Valid Start Date

This should be the date you desire to begin using the SSL functionality.

Valid End Date

This can be any future date, however good security practices would suggest a valid duration of about one year between updates of passwords and keys.

Common Name

This should be the IP address or domain name associated with the switch. Your web browser may warn you if this field does not match the URL entered into the web browser when accessing the switch

Organization

This is the name of the entity (e.g. company) where the switch is in service.

Organizational Unit

This is the name of the sub-entity (e.g. department) where the switch is in service.

City or Location

This is the name of the city where switch is in service

State Name

This is the name of the state or province where switch is in service

Country Code

This is the ISO two-letter country-code where switch is in service

Self-signed server host certificate on the CLI for the switch
NOTE:

“Zeroizing” the switch’s server host certificate or key automatically disables SSL (sets web-management ssl to No). Thus, if you zeroize the server host certificate or key and then generate a new key and server certificate, you must also re-enable SSL with the web-management ssl command before the switch can resume SSL operation.