Command Line Interface Reference Guide > The SLB Configuration Menu
/cfg/slb/ssl/certs/key
Key Menu
Use this menu to configure a key.
 
[Key Key1 Menu]
name - Set key name
generate - Generate new key
del - Delete key
cur - Display current key configuration
 
Certificate Key Menu 
Command Syntax and Usage
name
 
An optional descriptive name of the key in addition to the key ID.
Values: 0 – 31 characters
generate
 
Creates a new key. Use this value when creating or regenerating a server certificate and/or CSR.
Key types: rsa (default), or ec (elliptic curve)
*rsa (default) — For this key type, select the key size: 512, 1024 (default), 2048, 4096
Note: A 512-bit key is not available when the FIPS HSM module is installed.
*ec — For the elliptic curve key type, select the key size: 192, 224, 256 (default), 384, 521, curve
Note: Selecting key sizes 192, 224, 256, 384, or 521 sets the curves (as defined in RFG5480) secp192rl, secp224rl, secp256rl, secp384rl, and secp521rl respectively. To define a user-defined curve, select curve and then enter any curve “short” name as listed by the openssl ecparam -list_curves command.
Note: Elliptic Curve (EC) cryptography is a public-key cryptosystem derived from the difficulty of solving the elliptic curve discrete logarithm problem. It represents a different way to perform public-key cryptography as an alternative to the older RSA system. The primary advantage of using Elliptic Curve-based cryptography is that it requires significantly smaller key sizes than their non-elliptic curve equivalents, and as a result ECC devices require less storage, less power, less memory, and less bandwidth than other systems. This lets you implement cryptography on platforms that are constrained, such as wireless devices, hand-held computers, smart cards, and thin-clients. It also provides a big win in situations where efficiency is important.
For example, the current key-size recommendation for legacy public schemes is 2048 bits. A vastly smaller 224-bit ECC key offers the same level of security. This advantage only increases with security level. For example, a 3072-bit legacy key and a 256-bit ECC key are equivalent, which will become important as stronger security systems become mandated and devices get smaller.
del
 
Deletes this key. When deleting a key, its associated server certificate and CSR are also deleted.
When using the FIPS HSM module, after deleting a key, then applying and saving, the key is removed from HSM and cannot be restored even when reverting to the backup configuration.
cur
 
Displays the current key settings.