Installing a CA-signed leaf certificate (created outside the switch)

This procedure describes how to install an X.509 leaf certificate that was created and signed (by a CA) outside the switch, and then associate the certificate with one of the following switch features: syslog client, Captive portal, RadSec client, HTTPS server, or HSC (hardware switch controller).

Prerequisites
Procedure
  1. Create the leaf certificate context with the command crypto pki certificate, which then switches to the created leaf certificate context.
  2. Import the leaf certificate into the switch with the command import (CA-signed leaf certificate).
  3. Exit the leaf certificate context with the command exit.
  4. Associate the leaf certificate with a switch feature (syslog client, RadSec client, Captive portal, HTTPS server, or HSC) with the command crypto pki application.

Example

This example:

  • Creates the leaf certificate context.
  • Imports the CA-signed leaf certificate.
  • Associates the leaf certificate with the syslog client (application) on the switch.

switch(config)# crypto pki certificate CA_LC
switch(config-cert-CA_LC)# import terminal ta-profile root-cert
Paste the certificate in PEM format below, then hit enter and ctrl-D:
switch(config-cert-import)# -----BEGIN CERTIFICATE-----
switch(config-cert-import)# MIIFRDCCAyygAwIBAgIQP8nn2Vp15u07XMktDJANBgkqhkiG9w0Bv
switch(config-cert-import)# MQswCQYDVQGEwJVUEOMAw1UECgwFX1YmxDOgNBAMMB1Jvb3QgQ0Ew
switch(config-cert-import)# HhcNMTkNDEwMjIwNT1WhjIMTA0MjIwNE1jBzQswYDVQQGEwJVUzEL
...
switch(config-cert-import)# 1fIYZYGQyla0AwFuPTTxBXHYRxTPbUYUtmJrwRPmE4OVY8S9DQgcr
switch(config-cert-import)# 1NGNm3NG03GqPScs/TF9bVyFABOrlmm7kNfRlK8D/kMTfRreSdxis
switch(config-cert-import)# YQ1u1NqShps=
switch(config-cert-import)# -----END CERTIFICATE-----
switch(config-cert-import)# -----BEGIN ENCRYPTED PRIVATE KEY-----
switch(config-cert-import)# MIIFDjBABgkqhkiG9wBBQ0wMzAbBgkiwQwwQImNpJMN7sVGwCAggA
switch(config-cert-import)# MBQGCCqGSIb3DQMHAit+2qadNAASCMgLYJ4AFEfhH5p51Ggr86VqS
switch(config-cert-import)# IJ6L/UhEtH523nUkdV6gvoAWgoYaeD8eswAGv5VS8OMFTPttrn5/K
...
switch(config-cert-import)# OgSecqZsG6arbx0ESaYBir1c6rPs1pcbDx283DD1MWOpeoS2aEmOX
switch(config-cert-import)# iKnXnUMpVPfLc74ty2S41tH0X9gfaa1LiStg+N7cND9XfGtjaV2+/
switch(config-cert-import)# cb4=
switch(config-cert-import)# -----END ENCRYPTED PRIVATE KEY-----
switch(config-cert-import)#
Enter import password:*******
Leaf certificate is validated with root-cert and imported successfully.
switch(config-cert-CA_LC)# exit
switch(config)# crypto pki application syslog-client certificate CA_LC
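
The import above succeeds only if the leaf validates against the TA profile and the pasted key belongs to the certificate. The following added example (not part of the original procedure or the switch software) runs the equivalent checks with OpenSSL on a workstation before anything is pasted. The function names, file names, and passphrase are assumptions, and requiring the encrypted PKCS#8 form mirrors the session shown above rather than a documented switch rule.

```shell
#!/bin/sh
# Added example: workstation-side checks before pasting into the switch.
# All names, files and the passphrase below are constructed sample values.

# check_leaf ROOT_PEM LEAF_PEM KEY_PEM PASSPHRASE
# Prints OK and returns 0 only if every check passes.
check_leaf() {
    root=$1; leaf=$2; key=$3; pass=$4
    # 1. Leaf must chain to the root held in the TA profile.
    openssl verify -CAfile "$root" "$leaf" >/dev/null 2>&1 ||
        { echo "chain: leaf does not validate against root"; return 1; }
    # 2. Key must be in the encrypted PKCS#8 form used in the example session
    #    (assumption: mirrors the page's example).
    grep -q -- '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$key" ||
        { echo "key: not an encrypted PKCS#8 PEM block"; return 2; }
    # 3. The import password must decrypt the key.
    key_pub=$(PASS="$pass" openssl pkey -in "$key" -passin env:PASS -pubout 2>/dev/null) ||
        { echo "key: wrong password or unreadable"; return 3; }
    # 4. The key's public half must equal the public key in the certificate.
    cert_pub=$(openssl x509 -in "$leaf" -noout -pubkey) || return 3
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "key: does not match certificate"; return 4; }
    echo "OK"
}

# make_sample DIR: build a throwaway root CA, a signed leaf with an encrypted
# key, and an unrelated encrypted key (constructed test material only).
make_sample() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/root.key" \
        -out "$d/root.pem" -subj "/CN=Constructed Root CA" -days 1 2>/dev/null
    openssl req -newkey rsa:2048 -keyout "$d/leaf.key" -passout pass:sample-pass \
        -out "$d/leaf.csr" -subj "/CN=switch.example" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -out "$d/leaf.pem" -days 1 2>/dev/null
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -aes-256-cbc -pass pass:sample-pass -out "$d/other.key" 2>/dev/null
}

tmp=$(mktemp -d) && make_sample "$tmp"
check_leaf "$tmp/root.pem" "$tmp/leaf.pem" "$tmp/leaf.key" sample-pass
check_leaf "$tmp/root.pem" "$tmp/leaf.pem" "$tmp/other.key" sample-pass || true
rm -rf "$tmp"
```

With real files, pass the same root certificate that is stored in the TA profile named in the import command (root-cert in the session above).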