Installing a self-signed leaf certificate (created inside the switch)

This procedure describes how to create (wholly inside the switch) and install a self-signed X.509 leaf certificate. And associate it with one of the following switch features: syslog client, HTTPS server, or HSC (hardware switch controller).

  1. Create a leaf certificate context with the command crypto pki certificate . This switches to the leaf certificate configuration context.
  2. Define leaf certificate properties with the command subject .
  3. Set the encryption key type for the leaf certificate with the command key-type .
  4. Generate and install the self-signed certificate with the command enroll self-signed .
  5. Exit the leaf certificate context with the command exit.
  6. Associate the leaf certificate with a switch feature (syslog client, HTTPS server, or HSC) with the command crypto pki application .


This example:

  • Creates the leaf certificate context.
  • Defines the leaf certificate characteristics.

  • Creates and installs the self-signed leaf certificate.
  • Associates the leaf certificate with the syslog client (application) on the switch.
switch(config)# crypto pki cert SS_LC
8400X(config-cert-SS_LC)# subject common-name SSLeaf country US
state CA locality Rocklin org Company org-unit Site
8400X(config-cert-SS_LC)# key-type rsa key-size 3072
8400X(config-cert-SS_LC)# enroll self-signed
You are enrolling a certificate with the following attributes:
Subject: C=US, ST=CA, L=Rocklin, OU=Site, O=Company,
Key Type: RSA (3072)

Continue (y/n)? y
Self-signed certificate is created and enrolled successfully.
8400X(config-cert-SS_LC)# exit
switch(config)# crypto pki application syslog-client certificate SS_LC