Self-signed certificate

A self-signed certificate uses the “default” TA profile, which is created automatically if it does not already exist and one of the ten available TA Profiles is not yet assigned.


[no] crypto pki create-self-signed certificate-name [name] subject [common-name cn-value] [org org-value] [org-unit org-unit-value] [locality location-value] [state state-value] [country country-code]]

To create and install a self-signed local certificate the certificate subject may be configured with the crypto pki identity-profile command.


key-size [1024|2048]

The length of the key; default is 1024 bits.

subject [field <field value>]

Subject fields of the certificate; the default values are specified in the identity profile.

usage [<openflow|web|all>]

Intended application for the certificate; the default is web.

valid-start date

Start date of the certificate.

valid-end date

End date of the certificate.

Subject Fields

Following are the prompts appear if these required fields are not given as arguments.

Enter Common Name(CN) :
Enter Org Unit(OU) :
Enter Org Name(O) :
Enter Locality(L) : 
Enter State(ST) :
Enter Country(C) :



Name of the certificate.


The Trust Anchor Profile associated with the certificate. A profile named ‘default’ is updateable from the web UI.


Specify the Switch Id TA profile name.


Common Name (CN) – must be present, max length 90.


Organization Name (O) – preferred, max length 100.

org-unit value

Organizational Unit Name (OU) – preferred, max length 100.


Locality (L) – optional, max length 100.


State (ST) – optional, max length 100.


To specify the two letter ISO 3166-1 country code. Max length 2.


Certificate validity start date (MM/DD/YYYY).


Certificate validity end date (MM/DD/YYYY).

The default value for start date is the current date and the default value for the end date is the current date plus one year.

Local enrollment is implemented in the web UI and the security — SSL page is updated for the web UI SSL server application. The Web UI does not provide general PKI configurability for all applications creation or management of other device certificates.