PKI on the switch

The switch provides for installation of CA certificates and the generation and installation of leaf certificates.

Trust anchor profiles

The switch supports multiple trust anchor (TA) profiles. Each TA profile stores the root certificate of a CA. This can be a self-signed certificate, or a certificate issued by a well-known public entity.

CA certificates are used to:
  • Validate the certificates that client stations present when attempting to establish a secure connection with the SSH server on the switch.

  • Validate leaf certificates installed on the switch that are used by the syslog client.

The TA profile also enables configuration of real-time checking of certificate revocation (through OCSP).

Leaf certificates

Leaf certificates can be installed on the switch for use by the syslog client. If you are purchasing a certificate from a well-known public entity, the switch can generate the certificate signing request (CSR) that is used to obtain the certificate. The switch can also directly generate self-signed certificates.
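The trust relationships described above can be reproduced off-box with the OpenSSL command line. This is an added example, not the switch's own CLI or code from this documentation. The names `demo-root-a`, `demo-root-b`, `syslog-client` and `syslog-self` are constructed, and revocation checking (OCSP) is not exercised.

```shell
#!/bin/sh
# Constructed demo: every name, subject and lifetime below is illustrative.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_self_signed NAME: key plus self-signed certificate. Used here both for
# root CAs (what a TA profile stores) and for a self-signed leaf.
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_leaf TA LEAF: generate a key and CSR for LEAF, then have TA sign the CSR.
issue_leaf() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 30 -out "$WORK/$2.pem" 2>/dev/null
}

# validate TA CERT: print "trusted" if CERT chains to TA, otherwise "rejected".
validate() {
  if openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1; then
    echo trusted
  else
    echo rejected
  fi
}

make_self_signed demo-root-a            # trust anchor that issues the leaf
make_self_signed demo-root-b            # unrelated trust anchor
issue_leaf demo-root-a syslog-client    # CA-issued leaf obtained through a CSR
make_self_signed syslog-self            # self-signed leaf, no CA involved

echo "CA-issued leaf vs issuing TA:   $(validate demo-root-a syslog-client)"
echo "CA-issued leaf vs unrelated TA: $(validate demo-root-b syslog-client)"
echo "self-signed leaf vs TA:         $(validate demo-root-a syslog-self)"
```

The last case shows why a self-signed leaf certificate is only accepted by a peer that has been given that exact certificate as a trust anchor.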