Installing a self-signed leaf certificate (created inside the switch)
This procedure describes how to create (wholly inside the switch) and install a self-signed X.509 leaf certificate, and then associate it with one of the following switch features: syslog client, HTTPS server, or HSC (hardware switch controller).
Procedure
- Create a leaf certificate context with the command crypto pki certificate. This switches to the leaf certificate configuration context.
- Define leaf certificate properties with the command subject.
- Set the encryption key type for the leaf certificate with the command key-type.
- Generate and install the self-signed certificate with the command enroll self-signed.
- Exit the leaf certificate context with the command exit.
- Associate the leaf certificate with a switch feature (syslog client, HTTPS server, or HSC) with the command crypto pki application.
Example
This example:
- Creates the leaf certificate context.
- Defines the leaf certificate characteristics.
- Creates and installs the self-signed leaf certificate.
- Associates the leaf certificate with the syslog client (application) on the switch.
switch(config)# crypto pki cert SS_LC
8400X(config-cert-SS_LC)# subject common-name SSLeaf country US state CA locality Rocklin org Company org-unit Site
8400X(config-cert-SS_LC)# key-type rsa key-size 3072
8400X(config-cert-SS_LC)# enroll self-signed
You are enrolling a certificate with the following attributes:
Subject: C=US, ST=CA, L=Rocklin, OU=Site, O=Company, CN=SSLeaf
Key Type: RSA (3072)
Continue (y/n)? y
Self-signed certificate is created and enrolled successfully.
8400X(config-cert-SS_LC)# exit
switch(config)# crypto pki application syslog-client certificate SS_LC
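
A self-signed certificate has no CA chain, so a peer such as the syslog server can only trust it by being given this exact certificate. The following check is an added example, not part of the vendor procedure: it assumes the certificate is available as a PEM file on a workstation with OpenSSL, and confirms that it is self-signed and matches the subject and key size configured above before it is placed in a trust store. The function names are hypothetical, and the sample certificate is constructed locally to stand in for one exported from the switch.

```shell
#!/bin/sh
# Added example (not vendor code).
# check_self_signed PEM EXPECTED_CN MIN_RSA_BITS   (hypothetical helper)
# Returns 0 only if issuer == subject, the signature verifies under the
# certificate's own key, the CN matches, and the RSA key is large enough.
check_self_signed() {
  pem=$1; want_cn=$2; min_bits=$3
  subj=$(openssl x509 -in "$pem" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
  issuer=$(openssl x509 -in "$pem" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
  [ -n "$subj" ] || { echo "cannot parse $pem"; return 2; }
  [ "$subj" = "$issuer" ] || { echo "not self-signed: issuer is $issuer"; return 1; }
  # With the certificate as its own trust anchor, verification succeeds only
  # if the signature was made by the key inside the certificate.
  openssl verify -CAfile "$pem" "$pem" >/dev/null 2>&1 || { echo "self-signature does not verify"; return 1; }
  case ",$subj," in
    *",CN=$want_cn,"*) ;;
    *) echo "unexpected subject: $subj"; return 1 ;;
  esac
  text=$(openssl x509 -in "$pem" -noout -text)
  echo "$text" | grep -q 'Public Key Algorithm: rsaEncryption' || { echo "key is not RSA"; return 1; }
  bits=$(echo "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
  [ "${bits:-0}" -ge "$min_bits" ] || { echo "RSA key is ${bits:-?} bits, need $min_bits"; return 1; }
  echo "OK: $subj, RSA $bits, self-signed"
}

# make_sample DIR: constructed test input with the same subject and key size
# as the switch example above (stands in for the exported certificate).
make_sample() {
  openssl req -x509 -newkey rsa:3072 -nodes -days 30 \
    -subj "/C=US/ST=CA/L=Rocklin/OU=Site/O=Company/CN=SSLeaf" \
    -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

SAMPLE_DIR=$(mktemp -d)
make_sample "$SAMPLE_DIR" && check_self_signed "$SAMPLE_DIR/cert.pem" SSLeaf 3072
```
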