Trust anchor profile (crypto pki ta-profile)

The profile defines required Anchor Trust for several certificate-specific operations, such as certificate enrollment and certificate validations. A trust anchor may be a Root CA certificate or an Intermediate CA certificate. The following command creates a trust anchor profile.

Syntax

(config) # [no] crypto pki ta-profile <profile-name> ssh-username <ssh-username>
      

Description

Create a Trust Anchor profile and associate it with an SSH username.

Options

profile-name

A name (maximum 100 characters) with a unique identifier for the Trust Anchor Profile. Ten TA profiles are supported: one for each allowed trust anchor (Root CA certificate.)

Profile number 2 is always reserved for self-signed certificate. For example, you can only create 9 TA profiles (Root CA certificates) per switch.

ssh-username

Set the username whose certificate will be validated with the TA profile for two-factor authentication.