Creating a certificate manually for syslog application

The following steps are performed manually to create a certificate on the switch:

  1. Configure a TA-profile which is required for creating CSR using crypto pki ta-profile <PROFILE_NAME>.

  2. Generate root certificate from a CA server and install the certificate using copy tftp ta-certificate.

  3. Create a CSR request with respect to the created TA-profile using crypto pki create-csr certificate-name <syslog_leaf> ta-profile <PROFILE_NAME> usage ALL.

  4. Install a signed certificate using crypto pki install-signed-certificate. It prompts the administrator to paste the base-64 format of the signed certificate. If the certificate is valid and the associated TA-profile matches the CSR, then switch installs the certificate.

NOTE:

You can automate certificate creation using EST. Refer Creating a syslog certificate using EST server.