Installing a CA-signed leaf certificate (created outside the switch)

This procedure describes how to install an X.509 leaf certificate that was created and signed by a CA outside the switch, and then associate the certificate with one of the following switch features: syslog client, HTTPS server, or HSC (hardware switch controller).

Prerequisites
Procedure
  1. Create the leaf certificate context with the command crypto pki certificate, which also switches to the newly created leaf certificate context.
  2. Import the leaf certificate into the switch with the command import (CA-signed leaf certificate).
  3. Exit the leaf certificate context with the command exit.
  4. Associate the leaf certificate with a switch feature (syslog client, HTTPS server, or HSC) with the command crypto pki application.

Example

This example:

  • Creates the leaf certificate context.
  • Imports the CA-signed leaf certificate.
  • Associates the leaf certificate with the syslog client (application) on the switch.
switch(config)# crypto pki certificate CA_LC
switch(config-cert-CA_LC)# import terminal ta-profile root-cert
Paste the certificate in PEM format below, then hit enter and ctrl-D:
switch(config-cert-import)# -----BEGIN CERTIFICATE-----
switch(config-cert-import)# MIIFRDCCAyygAwIBAgIQP8nn2Vp15u07XMktDJANBgkqhkiG9w0Bv
switch(config-cert-import)# MQswCQYDVQGEwJVUEOMAw1UECgwFX1YmxDOgNBAMMB1Jvb3QgQ0Ew
switch(config-cert-import)# HhcNMTkNDEwMjIwNT1WhjIMTA0MjIwNE1jBzQswYDVQQGEwJVUzEL
...
switch(config-cert-import)# 1fIYZYGQyla0AwFuPTTxBXHYRxTPbUYUtmJrwRPmE4OVY8S9DQgcr
switch(config-cert-import)# 1NGNm3NG03GqPScs/TF9bVyFABOrlmm7kNfRlK8D/kMTfRreSdxis
switch(config-cert-import)# YQ1u1NqShps=
switch(config-cert-import)# -----END CERTIFICATE-----
switch(config-cert-import)# -----BEGIN ENCRYPTED PRIVATE KEY-----
switch(config-cert-import)# MIIFDjBABgkqhkiG9wBBQ0wMzAbBgkiwQwwQImNpJMN7sVGwCAggA
switch(config-cert-import)# MBQGCCqGSIb3DQMHAit+2qadNAASCMgLYJ4AFEfhH5p51Ggr86VqS
switch(config-cert-import)# IJ6L/UhEtH523nUkdV6gvoAWgoYaeD8eswAGv5VS8OMFTPttrn5/K
...
switch(config-cert-import)# OgSecqZsG6arbx0ESaYBir1c6rPs1pcbDx283DD1MWOpeoS2aEmOX
switch(config-cert-import)# iKnXnUMpVPfLc74ty2S41tH0X9gfaa1LiStg+N7cND9XfGtjaV2+/
switch(config-cert-import)# cb4=
switch(config-cert-import)# -----END ENCRYPTED PRIVATE KEY-----
switch(config-cert-import)# 
Enter import password: *******
Leaf certificate is validated with root-cert and imported successfully.
switch(config-cert-CA_LC)# exit
switch(config)# crypto pki application syslog-client certificate CA_LC
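The following pre-paste check is an added example, not part of the original documentation: it confirms that a PEM bundle has the shape shown in the session above (one CERTIFICATE block followed by one ENCRYPTED PRIVATE KEY block) and flags plaintext key blocks or copied prompt text before anything is pasted into the import prompt. The function and variable names are hypothetical, the sample DER bytes are constructed placeholders, and treating any other layout as a problem is an assumption drawn from this example rather than a documented switch requirement.

```python
import base64
import binascii
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
# Block order as it appears in the example session on this page (assumed layout).
EXPECTED = ["CERTIFICATE", "ENCRYPTED PRIVATE KEY"]

def check_import_bundle(text):
    """Return a list of problems found in a PEM bundle; an empty list means none found."""
    problems = []
    blocks = PEM_BLOCK.findall(text)
    labels = [label for label, _ in blocks]
    for label in labels:
        # A key block without the ENCRYPTED label is not password protected.
        if label.endswith("PRIVATE KEY") and label != "ENCRYPTED PRIVATE KEY":
            problems.append(f"unencrypted key block: {label}")
    if labels != EXPECTED:
        problems.append(f"expected blocks {EXPECTED}, found {labels}")
    for label, body in blocks:
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error:
            problems.append(f"{label}: body is not valid base64")
            continue
        if not der.startswith(b"\x30"):  # DER certificates and keys start with SEQUENCE
            problems.append(f"{label}: decoded body is not a DER SEQUENCE")
    # Text left outside the blocks (copied prompts, mail headers) would be pasted too.
    if PEM_BLOCK.sub("", text).strip():
        problems.append("stray text outside PEM blocks")
    return problems

def make_pem(label, der):
    """Wrap DER bytes in PEM armor with the given label."""
    body = base64.encodebytes(der).decode().strip()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed placeholder DER (a SEQUENCE holding INTEGER 0), not a real certificate or key.
SAMPLE_DER = b"\x30\x03\x02\x01\x00"
GOOD = make_pem("CERTIFICATE", SAMPLE_DER) + make_pem("ENCRYPTED PRIVATE KEY", SAMPLE_DER)
PLAINTEXT_KEY = make_pem("CERTIFICATE", SAMPLE_DER) + make_pem("RSA PRIVATE KEY", SAMPLE_DER)

if __name__ == "__main__":
    for name, bundle in (("good", GOOD), ("plaintext key", PLAINTEXT_KEY)):
        print(name, "->", check_import_bundle(bundle) or "ok")
```

The check is structural only: it does not validate the certificate against the trust anchor profile or confirm that the key matches the certificate, which the switch reports at import time.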