Installing a self-signed leaf certificate (created outside the switch)

This procedure describes how to install a self-signed X.509 leaf certificate that was created outside the switch, and then associate the certificate with one of the following switch features: syslog client, Captive Portal, RadSec client, HTTPS server, or HSC (hardware switch controller).

Prerequisites
  • A self-signed leaf certificate (including private-key data) created outside the switch.

Procedure
  1. Create the leaf certificate context with the command crypto pki certificate, which then switches to the created leaf certificate context.
  2. Import the leaf certificate data into the switch with the command import (self-signed leaf certificate).
  3. Exit the leaf certificate context with the command exit.
  4. Associate the leaf certificate with a switch feature (syslog client, RadSec client, HTTPS server, or HSC) with the command crypto pki application.

Example

This example:

  • Creates the leaf certificate context.
  • Imports the self-signed leaf certificate.
  • Associates the leaf certificate with the syslog client (application) on the switch.

switch(config)#
switch(config)# crypto pki certificate SS_LC2
switch(config)#
switch(config-cert-SS_LC2)# import terminal self-signed
Paste the certificate in PEM format below, then hit enter and ctrl-D:
switch(config-cert-import)# -----BEGIN CERTIFICATE-----
switch(config-cert-import)# MIIFRDCCAyygAwIBAgIQP8nnS2Vp15u07xXMdktDJzANBgkqhkiG9
switch(config-cert-import)# MQswCQYDVQGEwJVUEOMAwGA1UECgwFXJ1YmxDAOgNBAMMB1Jvb3gw
switch(config-cert-import)# HhcNMTkNDEwMjIwNT1WhcjIwMTA0MjIwNE1WjBzQswQYDVQQGEwJV
...
switch(config-cert-import)# 1fIYZYGQyla0AwFuPTTxBXHYwRxTPbUYU5tumJrfwRPmE4OVY8S9D
switch(config-cert-import)# 1NGNm3NG03GqPScs/TF9bVyFA5BOrS5lmm7kNfRYlK8D/kMTfRreS
switch(config-cert-import)# YQ1u1NqShps=
switch(config-cert-import)# -----END CERTIFICATE-----
switch(config-cert-import)# -----BEGIN ENCRYPTED PRIVATE KEY-----
switch(config-cert-import)# MIIFDjBABgkqhkiG9wBBQ0wMzAbBgkqkiw0QwwDQImNpJMN7sVGwC
switch(config-cert-import)# MBQGCCqGSIb3DQMHAit+2qadNAASCMg5LYJ4AFm3EffhH5p51Ggr8
switch(config-cert-import)# IJ6L/UhEtH523nUkdV6gvoAWgoYaeD83PeswToAGv5VS8OMFTPttr
...
switch(config-cert-import)# OgSecqZsG6arbx0ESaYBir1c/6rPs1pcjbDxw283DiD1MWOpeoS2a
switch(config-cert-import)# iKnXnUMpVPfLc74ty2S41DtH0X9Sgf6aa1LjiStg+N7cND9XfGtj/
switch(config-cert-import)# cb4=
switch(config-cert-import)# -----END ENCRYPTED PRIVATE KEY-----
switch(config-cert-import)#
Enter import password:*******
Leaf certificate is validated as self-signed certificate and imported successfully.
switch(config-cert-SS_LC2)# exit
switch(config)# crypto pki application syslog-client certificate SS_LC2
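
The import session above expects one PEM certificate followed by one passphrase-encrypted private key. The following is an added example, not part of the original page or the vendor's tooling, showing one way to create that material on a workstation with OpenSSL and to pre-check it before pasting. The RSA key size, validity period, CN, file names and the IMPORT_PW environment variable are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code. The CN, file names and the IMPORT_PW
# environment variable are assumptions made for illustration.

# make_bundle DIR CN: self-signed cert + passphrase-encrypted PKCS#8 key,
# concatenated in the order shown at the import prompt (cert, then key).
make_bundle() (
    umask 077                                  # key files owner-only
    openssl req -x509 -newkey rsa:2048 -sha256 -days 365 -subj "/CN=$2" \
        -passout env:IMPORT_PW -keyout "$1/key.pem" -out "$1/cert.pem" \
        2>/dev/null || exit 1
    cat "$1/cert.pem" "$1/key.pem" > "$1/bundle.pem"
)

# check_bundle FILE: 0 = ready to paste, 2 = wrong PEM blocks,
# 3 = not a valid self-signed cert, 4 = key does not decrypt or match.
check_bundle() (
    f=$1
    t=$(mktemp -d) || exit 1
    trap 'rm -rf "$t"' EXIT
    # Exactly one certificate and one *encrypted* PKCS#8 key, nothing else.
    [ "$(grep -c -e '-----BEGIN CERTIFICATE-----' "$f")" -eq 1 ] || exit 2
    [ "$(grep -c -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$f")" -eq 1 ] || exit 2
    [ "$(grep -c -e '-----BEGIN ' "$f")" -eq 2 ] || exit 2
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$f" > "$t/cert.pem"
    sed -n '/-----BEGIN ENCRYPTED PRIVATE KEY-----/,/-----END ENCRYPTED PRIVATE KEY-----/p' "$f" > "$t/key.pem"
    # Self-signed: issuer equals subject and the signature verifies under
    # the certificate's own key (verify also rejects an expired cert).
    [ "$(openssl x509 -in "$t/cert.pem" -noout -subject_hash)" = \
      "$(openssl x509 -in "$t/cert.pem" -noout -issuer_hash)" ] || exit 3
    openssl verify -CAfile "$t/cert.pem" "$t/cert.pem" >/dev/null 2>&1 || exit 3
    # The key must decrypt with the import password and match the cert.
    k=$(openssl pkey -in "$t/key.pem" -passin env:IMPORT_PW -pubout 2>/dev/null) || exit 4
    [ "$k" = "$(openssl x509 -in "$t/cert.pem" -noout -pubkey)" ] || exit 4
)

# Usage: IMPORT_PW=... make_bundle . syslog.example.test && check_bundle ./bundle.pem
```

Passing the passphrase through env:IMPORT_PW keeps it out of the process argument list. Remove the local key file once the import has succeeded.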