Self-signed certificate

A self-signed certificate uses the “default” TA profile. This profile is created automatically if it does not already exist and one of the ten available TA profiles is not yet assigned.

Syntax:


[no] crypto pki create-self-signed certificate-name [name] subject [common-name cn-value] [org org-value] [org-unit org-unit-value] [locality location-value] [state state-value] [country country-code]]

To create and install a self-signed local certificate, the certificate subject may be configured with the crypto pki identity-profile command.

Options

key-size [1024|2048]

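The length of the key; default is 1024 bits. Specify 2048 explicitly, because a 1024-bit key is below the minimum length that current guidance recommends for certificate keys.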

subject [field <field value>]

Subject fields of the certificate; the default values are specified in the identity profile.

usage [<openflow|web|all>]

Intended application for the certificate; the default is web.

valid-start date

Start date of the certificate.

valid-end date

End date of the certificate.

Subject Fields

The following prompts appear if these required fields are not given as arguments.

Enter Common Name(CN) :
Enter Org Unit(OU) :
Enter Org Name(O) :
Enter Locality(L) : 
Enter State(ST) :
Enter Country(C) :

Definitions:

certificate-name

Name of the certificate.

ta-profile

The Trust Anchor Profile associated with the certificate. A profile named ‘default’ is updateable from the web UI.

ta-profile-name

Specify the Switch Id TA profile name.

cn-value

Common Name (CN) – must be present, max length 90.

org-value

Organization Name (O) – preferred, max length 100.

org-unit-value

Organizational Unit Name (OU) – preferred, max length 100.

location-value

Locality (L) – optional, max length 100.

state-value

State (ST) – optional, max length 100.

country-code

The two-letter ISO 3166-1 country code; max length 2.

valid-start

Certificate validity start date (MM/DD/YYYY).

valid-end

Certificate validity end date (MM/DD/YYYY).

The default value for start date is the current date and the default value for the end date is the current date plus one year.
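
The limits in the Definitions list can be checked before the command is sent to a switch. The following Python code is an added example, not part of the vendor documentation; the function names, the sample values, the rejection of quotes and line breaks, and the double-quoting of values that contain spaces are assumptions.

```python
import re
from datetime import datetime

# (max length, required) per subject keyword, from the Definitions list on this page.
SUBJECT_LIMITS = {"common-name": (90, True), "org": (100, False), "org-unit": (100, False),
                  "locality": (100, False), "state": (100, False), "country": (2, False)}

def check_subject(subject):
    """Return a list of problems; an empty list means the subject is acceptable."""
    problems = [f"unknown subject field: {k}" for k in subject if k not in SUBJECT_LIMITS]
    for key, (max_len, required) in SUBJECT_LIMITS.items():
        value = subject.get(key, "")
        if required and not value:
            problems.append(f"{key} must be present")
        if len(value) > max_len:
            problems.append(f"{key} exceeds max length {max_len}")
        # Keep inventory data from injecting extra CLI input (quotes, line breaks).
        if any(c in value for c in '"\r\n'):
            problems.append(f"{key} contains a quote or line break")
    country = subject.get("country", "")
    if country and not re.fullmatch(r"[A-Za-z]{2}", country):
        problems.append("country must be a two-letter ISO 3166-1 code")
    return problems

def check_validity(valid_start, valid_end):
    """Check the MM/DD/YYYY format and that the end date follows the start date."""
    try:
        if not all(re.fullmatch(r"\d{2}/\d{2}/\d{4}", d) for d in (valid_start, valid_end)):
            raise ValueError("bad format")
        start, end = (datetime.strptime(d, "%m/%d/%Y") for d in (valid_start, valid_end))
    except ValueError:
        return ["dates must be valid MM/DD/YYYY values"]
    return [] if end > start else ["valid-end must be after valid-start"]

def build_command(name, subject):
    """Build the command from the Syntax line, or raise ValueError listing the problems."""
    problems = check_subject(subject)
    if problems:
        raise ValueError("; ".join(problems))
    parts = ["crypto pki create-self-signed certificate-name", name, "subject"]
    for key in SUBJECT_LIMITS:  # same keyword order as the Syntax line
        value = subject.get(key)
        if value:
            # Assumption: the CLI takes values containing spaces in double quotes.
            parts += [key, f'"{value}"' if " " in value else value]
    return " ".join(parts)

# Constructed sample input.
SAMPLE = {"common-name": "sw1.example.net", "org": "Example Corp", "country": "US"}
```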

Local enrollment is implemented in the web UI, and the Security – SSL page is updated for the web UI SSL server application. The web UI does not provide general PKI configurability for all applications, nor creation or management of other device certificates.