Installing a self-signed leaf certificate (created outside the switch)
This procedure describes how to install a self-signed X.509 leaf certificate (that was created outside the switch). And then associate the certificate with one of the following switch features: syslog client, HTTPS server, or HSC (hardware switch controller).
Prerequisites
A self-signed leaf certificate (including private-key data) created outside the switch.
Procedure
-
Create the leaf certificate context with the command
crypto pki certificate
which then switches to the created leaf certificate context. -
Import the leaf certificate data into the switch with the command
import(self-signed leaf certificate)
. -
Exit the leaf certificate context with the command
exit
. -
Associate the leaf certificate with a switch feature (syslog client, HTTPS server, or HSC) with the command
crypto pki application
.
Example
This example:
- Creates the leaf certificate context.
- Imports the self-signed leaf certificate.
- Associates the leaf certificate with the syslog client (application) on the switch.
switch(config)# switch(config)# crypto pki certificate SS_LC2 switch(config)# switch(config-cert-SS_LC)# import terminal self-signed Paste the certificate in PEM format below, then hit enter and ctrl-D: switch(config-cert-import)# -----BEGIN CERTIFICATE----- switch(config-cert-import)# MIIFRDCCAyygAwIBAgIQP8nnS2Vp15u07xXMdktDJzANBgkqhkiG9 switch(config-cert-import)# MQswCQYDVQGEwJVUEOMAwGA1UECgwFXJ1YmxDAOgNBAMMB1Jvb3gw switch(config-cert-import)# HhcNMTkNDEwMjIwNT1WhcjIwMTA0MjIwNE1WjBzQswQYDVQQGEwJV ... switch(config-cert-import)# 1fIYZYGQyla0AwFuPTTxBXHYwRxTPbUYU5tumJrfwRPmE4OVY8S9D switch(config-cert-import)# 1NGNm3NG03GqPScs/TF9bVyFA5BOrS5lmm7kNfRYlK8D/kMTfRreS switch(config-cert-import)# YQ1u1NqShps= switch(config-cert-import)# -----END CERTIFICATE----- switch(config-cert-import)# -----BEGIN ENCRYPTED PRIVATE KEY----- switch(config-cert-import)# MIIFDjBABgkqhkiG9wBBQ0wMzAbBgkqkiw0QwwDQImNpJMN7sVGwC switch(config-cert-import)# MBQGCCqGSIb3DQMHAit+2qadNAASCMg5LYJ4AFm3EffhH5p51Ggr8 switch(config-cert-import)# IJ6L/UhEtH523nUkdV6gvoAWgoYaeD83PeswToAGv5VS8OMFTPttr ... switch(config-cert-import)# OgSecqZsG6arbx0ESaYBir1c/6rPs1pcjbDxw283DiD1MWOpeoS2a switch(config-cert-import)# iKnXnUMpVPfLc74ty2S41DtH0X9Sgf6aa1LjiStg+N7cND9XfGtj/ switch(config-cert-import)# cb4= switch(config-cert-import)# -----END ENCRYPTED PRIVATE KEY----- switch(config-cert-import)# Enter import password: ******* Leaf certificate is validated as self-signed certificate and imported successfully. switch(config-cert-SS_LC2)# exit switch(config)# crypto pki application syslog-client certificate SS_LC2