454 Managing keys and certificates
NN47250-500 (320657-F Version 02.01)

Creating public-private key pairs

To use a self-signed certificate or Certificate Signing Request (CSR) certificate for WSS authentication, you must generate a public-private key pair.

To create a public-private key pair, use the following command:

    crypto generate key {admin | domain | eap | ssh | web} {128 | 512 | 1024 | 2048}

Choose the key length based on your need for security or to conform with your organization's practices. For example, the following command generates an administrative key pair of 1024 bits:

    WSS# crypto generate key admin 1024
    admin key pair generated

Some key lengths apply only to specific key types. For example, 128 applies only to domain keys.

SSH requires an SSH authentication key, but you can allow WSS Software to generate it automatically. The first time an SSH client attempts to access the SSH server on a WSS, the switch automatically generates a 1024-byte SSH key. If you want to use a 2048-byte key instead, use the crypto generate key ssh 2048 command to generate one.

Note. After you generate or install a certificate (described in the following sections), do not create the key pair again. If you do, the certificate might not work with the new key, in which case you will need to regenerate or reinstall the certificate.
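The failure described in the note can be reproduced off the switch. The script below is an added example, not part of the WSS documentation or WSS Software: it uses OpenSSL on a workstation to show that a certificate stops matching once the key pair is created again. The file names, the subject name wss.example.test and the function names are assumptions made for the demonstration.

```sh
#!/bin/sh
# Added example: runs on a workstation with OpenSSL, not on the WSS.
# File names and the subject CN below are constructed for the demo.

# Print the public key (PEM) that belongs to a private key file.
key_pubkey() {
    openssl pkey -in "$1" -pubout 2>/dev/null
}

# Print the public key (PEM) embedded in a certificate.
cert_pubkey() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# Succeed only when certificate $1 was issued for private key $2.
cert_matches_key() {
    c=$(cert_pubkey "$1")
    k=$(key_pubkey "$2")
    # An empty value means a file could not be parsed: treat as mismatch.
    [ -n "$c" ] && [ -n "$k" ] && [ "$c" = "$k" ]
}

# Generate a key, issue a self-signed certificate for it, then create
# the key pair again and re-check the certificate against the new key.
demo() {
    dir=$(mktemp -d) || return 1
    openssl genrsa -out "$dir/admin.key" 2048 2>/dev/null
    openssl req -x509 -new -key "$dir/admin.key" -days 30 \
        -subj "/CN=wss.example.test" -out "$dir/admin.crt" 2>/dev/null
    if cert_matches_key "$dir/admin.crt" "$dir/admin.key"; then
        before=match
    else
        before=mismatch
    fi
    # Creating the key pair again replaces the private key; the
    # certificate still carries the old public key.
    openssl genrsa -out "$dir/admin.key" 2048 2>/dev/null
    if cert_matches_key "$dir/admin.crt" "$dir/admin.key"; then
        after=match
    else
        after=mismatch
    fi
    rm -rf "$dir"
    echo "$before $after"
}

demo   # prints: match mismatch
```

The same comparison applies to any exported certificate and key: if the two public keys differ, the certificate has to be regenerated or reinstalled for the current key.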