Adding and deleting a certificate

Procedure
  1. To add a certificate:
    1. In the navigation pane, expandSecurity, and selectPKI.

      The PKI page is displayed.

    2. In theCertificatespanel, clickNew Certificate.

      The New Certificate Info dialog box is displayed.

    3. In theCertificate Namefield, enter a name for the certificate.

      The certificate name can contain lowercase alphanumeric, dot, hyphen, and underscore characters. Thedevice-identityandlocal-certcertificates are added by default.

    4. Configure the following optional parameters:

      • Certificate Type: Select eitherregularorself-signedfrom the drop-down. Regular certificates are signed by a CA. Self-signed certificates are signed by the switch or the user who is using the certificate and not signed by a CA.

      • EST Profile: Select the EST profile to associate with the certificate. This field is displayed only for theregularcertificate type.

      • Key Type: Select eitherRSAorECDSAfrom the drop-down for the encryption key type. The default type is RSA.

      • Key Size: Select the key size from the drop-down for the key type selected.

        RSA key type has longer key size with values: 2048, 3072, and 4096 bits. The default size for RSA is 2048. The ECDSA key type has shorter key size with values: 256, 381, and 521 bits. The default size for ECDSA is 256.

    5. In theCommon Namefield, enter the IP address or domain name associated with the switch.

      Your web browser might warn you if this field does not match the URL entered into the web browser when accessing the switch.

    6. Configure the following optional parameters:

      • Org Unit: Enter the name of the sub-entity (for example, the department) where the switch is used.

      • Org Name: Enter the name of the entity (for example, the company) where the switch is used.

      • State:进入瑞士的州的名字tch is used.

      • Locality: Enter the name of the city where the switch is used.

    7. In theCountryfield, enter the country where the switch is used.

      You must enter only two letters in uppercase for the country name, for example, US for the United States.

    8. ClickOK.
  2. To delete a certificate:
    1. In theCertificatespane, select the certificate, and click删除.

      A confirmation message is displayed.

    2. Click删除.
      NOTE:

      You cannot delete the defaultdevice-identityandlocal-certcertificates.