Enrollment of application certificate using AirWave ZTP

Following is the recommended workflow for enrollment of application certificate using AirWave:

Configure EST server using EST server configuration commands.
  1. Enable ZTP on your switch, so that the switch connects to AirWave server.
  2. Install the EST CA certificate in your switch using AirWave CLI window. To create a TA profile, and copy the EST certificate, execute following commands:
    crypto pki ta-profile EST_CA
    copy tftp ta-certificate EST_CA <tftpserverIp> estca.pem
  3. Push the switch configuration template having EST server configuration from the AirWave server to the switch.
    est-server "myprofile" "https://<myEstServer>:8085"
    crypto pki enroll-est-certificate " myprofile" certificate-name "estcert2" ta-profile "estta2" subject common-name "mycompany" org-unit "123" org  "ar" locality "Tn" state "TN" country "IN" usage syslog

    Following configurations, enable the switch to connect with the EST server to install the certificate to connect to the Syslog server.