Installing a self-signed leaf certificate (created outside the switch)

This procedure describes how to install a self-signed X.509 leaf certificate that was created outside the switch, and then associate the certificate with one of the following switch features: syslog client, HTTPS server, or HSC (hardware switch controller).

Prerequisites
  • A self-signed leaf certificate (including private-key data) created outside the switch.

Procedure
  1. Create the leaf certificate context with the command crypto pki certificate, which also switches to the newly created leaf certificate context.
  2. Import the leaf certificate data into the switch with the command import (self-signed leaf certificate).
  3. Exit the leaf certificate context with the command exit.
  4. Associate the leaf certificate with a switch feature (syslog client, HTTPS server, or HSC) with the command crypto pki application.

Example

This example:

  • Creates the leaf certificate context.
  • Imports the self-signed leaf certificate.
  • Associates the leaf certificate with the syslog client (application) on the switch.

switch(config)# crypto pki certificate SS_LC2
switch(config-cert-SS_LC2)# import terminal self-signed
Paste the certificate in PEM format below, then hit enter and ctrl-D:
switch(config-cert-import)# -----BEGIN CERTIFICATE-----
switch(config-cert-import)# MIIFRDCCAyygAwIBAgIQP8nnS2Vp15u07xXMdktDJzANBgkqhkiG9
switch(config-cert-import)# MQswCQYDVQGEwJVUEOMAwGA1UECgwFXJ1YmxDAOgNBAMMB1Jvb3gw
switch(config-cert-import)# HhcNMTkNDEwMjIwNT1WhcjIwMTA0MjIwNE1WjBzQswQYDVQQGEwJV
...
switch(config-cert-import)# 1fIYZYGQyla0AwFuPTTxBXHYwRxTPbUYU5tumJrfwRPmE4OVY8S9D
switch(config-cert-import)# 1NGNm3NG03GqPScs/TF9bVyFA5BOrS5lmm7kNfRYlK8D/kMTfRreS
switch(config-cert-import)# YQ1u1NqShps=
switch(config-cert-import)# -----END CERTIFICATE-----
switch(config-cert-import)# -----BEGIN ENCRYPTED PRIVATE KEY-----
switch(config-cert-import)# MIIFDjBABgkqhkiG9wBBQ0wMzAbBgkqkiw0QwwDQImNpJMN7sVGwC
switch(config-cert-import)# MBQGCCqGSIb3DQMHAit+2qadNAASCMg5LYJ4AFm3EffhH5p51Ggr8
switch(config-cert-import)# IJ6L/UhEtH523nUkdV6gvoAWgoYaeD83PeswToAGv5VS8OMFTPttr
...
switch(config-cert-import)# OgSecqZsG6arbx0ESaYBir1c/6rPs1pcjbDxw283DiD1MWOpeoS2a
switch(config-cert-import)# iKnXnUMpVPfLc74ty2S41DtH0X9Sgf6aa1LjiStg+N7cND9XfGtj/
switch(config-cert-import)# cb4=
switch(config-cert-import)# -----END ENCRYPTED PRIVATE KEY-----
switch(config-cert-import)# 
Enter import password: *******
Leaf certificate is validated as self-signed certificate and imported successfully.
switch(config-cert-SS_LC2)# exit
switch(config)# crypto pki application syslog-client certificate SS_LC2
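
The prerequisite and the import step above, as an added example that is not part of the vendor documentation: shell functions using the OpenSSL CLI that create a self-signed leaf certificate with a passphrase-encrypted key outside the switch, and check the resulting bundle before it is pasted at the import prompt. The function names, file names, CN, RSA 2048 key and 365-day lifetime are assumptions, not values from this page.

```shell
#!/bin/sh
# Added example (not vendor code). Names, CN and key parameters are assumptions.

# make_leaf_bundle DIR CN PASSFILE
# Writes DIR/leaf.crt.pem, DIR/leaf.key.pem (passphrase-encrypted PKCS#8) and
# DIR/bundle.pem (certificate first, then key: the order pasted in the example).
make_leaf_bundle() {
  ( umask 077   # key material must not be group/world readable
    openssl req -x509 -newkey rsa:2048 -sha256 -days 365 -subj "/CN=$2" \
      -passout "file:$3" -keyout "$1/leaf.key.pem" -out "$1/leaf.crt.pem" \
      2>/dev/null || exit 1
    cat "$1/leaf.crt.pem" "$1/leaf.key.pem" > "$1/bundle.pem" )
}

_fail() { echo "check_leaf_bundle: $1" >&2; return 1; }

# check_leaf_bundle BUNDLE PASSFILE
# Returns 0 only if the bundle holds one certificate followed by one encrypted
# key, the certificate is self-signed and in date, and the key matches it.
check_leaf_bundle() {
  bundle=$1; passfile=$2
  [ "$(head -n 1 "$bundle")" = "-----BEGIN CERTIFICATE-----" ] ||
    _fail "bundle must start with the certificate" || return 1
  [ "$(grep -c '^-----BEGIN CERTIFICATE-----$' "$bundle")" -eq 1 ] ||
    _fail "expected exactly one certificate" || return 1
  [ "$(grep -c '^-----BEGIN ENCRYPTED PRIVATE KEY-----$' "$bundle")" -eq 1 ] ||
    _fail "expected exactly one passphrase-encrypted PKCS#8 key" || return 1

  # Work on the certificate alone so no tool tries to read the key block.
  crt=$(mktemp) || return 1
  openssl x509 -in "$bundle" -out "$crt" 2>/dev/null ||
    { rm -f "$crt"; _fail "certificate block does not parse"; return 1; }
  # Self-signed: it must chain to itself; -check_ss_sig forces the signature check.
  ss=0
  openssl verify -check_ss_sig -CAfile "$crt" "$crt" >/dev/null 2>&1 || ss=$?
  cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || cert_pub=
  rm -f "$crt"
  [ "$ss" -eq 0 ] ||
    _fail "certificate is not a valid, in-date self-signed certificate" || return 1

  # Decrypting with the import passphrase checks the passphrase and the pairing.
  key_pub=$(openssl pkey -in "$bundle" -passin "file:$passfile" -pubout \
    2>/dev/null) || key_pub=
  [ -n "$key_pub" ] ||
    _fail "private key did not decrypt with this passphrase" || return 1
  [ "$key_pub" = "$cert_pub" ] ||
    _fail "private key does not match the certificate" || return 1
}
```

Keep the passphrase file and bundle.pem on a trusted admin host only, and delete both once the switch reports a successful import.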