Installing a self-signed leaf certificate (created inside the switch)

This procedure describes how to create (wholly inside the switch) and install a self-signed X.509 leaf certificate, and then associate it with one of the following switch features: syslog client, HTTPS server, or HSC (hardware switch controller).

  1. Create a leaf certificate context with the command crypto pki certificate. This switches to the leaf certificate configuration context.
  2. Define leaf certificate properties with the command subject.
  3. Set the encryption key type for the leaf certificate with the command key-type.
  4. Generate and install the self-signed certificate with the command enroll self-signed.
  5. Exit the leaf certificate context with the command exit.
  6. Associate the leaf certificate with a switch feature (syslog client, HTTPS server, or HSC) with the command crypto pki application.


This example:

  • Creates the leaf certificate context.
  • Defines the leaf certificate characteristics.
  • Creates and installs the self-signed leaf certificate.
  • Associates the leaf certificate with the syslog client (application) on the switch.

switch(config)# crypto pki cert SS_LC
8400X(config-cert-SS_LC)# subject common-name SSLeaf country US state CA locality Rocklin org Company org-unit Site
8400X(config-cert-SS_LC)# key-type rsa key-size 3072
8400X(config-cert-SS_LC)# enroll self-signed
You are enrolling a certificate with the following attributes:
Subject: C=US, ST=CA, L=Rocklin, OU=Site, O=Company,
Key Type: RSA (3072)

Continue (y/n)? y
Self-signed certificate is created and enrolled successfully.
8400X(config-cert-SS_LC)# exit
switch(config)# crypto pki application syslog-client certificate SS_LC
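
The following Python script is an added example, not part of the original procedure or any vendor tooling. It checks a saved command script against the six steps above: that subject and key-type are set before enroll self-signed, and that crypto pki application runs after exit and names an enrolled certificate. The audit function, the 2048-bit floor (MIN_RSA_BITS) and the sample input are assumptions constructed for illustration.

```python
import re

# Constructed sample: the command sequence from the example above, prompts removed.
SAMPLE = """\
crypto pki cert SS_LC
subject common-name SSLeaf country US state CA locality Rocklin org Company org-unit Site
key-type rsa key-size 3072
enroll self-signed
exit
crypto pki application syslog-client certificate SS_LC
"""
MIN_RSA_BITS = 2048  # assumed local policy floor, not a limit taken from the switch

def audit(script, min_rsa_bits=MIN_RSA_BITS):
    """Check a command script against the six-step procedure; return findings."""
    certs, ctx, findings = {}, None, []
    for n, line in enumerate(script.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        if m := re.fullmatch(r"crypto pki cert(?:ificate)? (\S+)", line):
            # Step 1: enter (or re-enter) the leaf certificate context.
            ctx = certs.setdefault(m.group(1), {"subject": False, "key": False, "enrolled": False})
        elif m := re.fullmatch(r"crypto pki application (\S+) certificate (\S+)", line):
            # Step 6: must follow exit and must name an enrolled certificate.
            if ctx is not None:
                findings.append(f"line {n}: application set before exiting the certificate context")
            if not certs.get(m.group(2), {}).get("enrolled"):
                findings.append(f"line {n}: {m.group(1)} uses {m.group(2)}, which was never enrolled")
        elif line == "exit":
            ctx = None  # Step 5
        elif ctx is None:
            findings.append(f"line {n}: '{line}' issued outside a certificate context")
        elif line.startswith("subject "):
            ctx["subject"] = True  # Step 2
        elif line.startswith("key-type "):
            ctx["key"] = True  # Step 3
            m = re.fullmatch(r"key-type rsa key-size (\d+)", line)
            if m and int(m.group(1)) < min_rsa_bits:
                findings.append(f"line {n}: RSA {m.group(1)} is below the {min_rsa_bits}-bit policy")
        elif line == "enroll self-signed":
            # Step 4: properties and key type should already be defined.
            for prop, step in (("subject", "subject"), ("key", "key-type")):
                if not ctx[prop]:
                    findings.append(f"line {n}: enrolled before '{step}' was configured")
            ctx["enrolled"] = True
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "no findings")
```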