Create a certificate signing request

Creates a certificate signing request on the switch. Including the subject will override the configured identify profile.

Syntax

crypto pki create-csr certificate-name CERT-NAME ta-profile Profile-Name [usage <openflow | web | all>][key-type rsa key-size <1024|2048>] [key-type ecdsa curve <256|384>] [subject [command-name CN-Value] [org Org-Value] [org-unit Org-unit-value] [locality Location-Value] [state state-Value] [countryCountry-Code]] [valid-start date valid-end date]

Definitions

profile-name

A name (maximum 100 characters) with a unique identifier for the Trust Anchor Profile. Ten TA profiles are supported: one for each allowed trust anchor (Root CA certificate.)

usage

When usage is set to all, it includes the OpenFlow and web applications, as well as other applications such syslog.

Options

rsa

Uses the RSA key. You must specify the size of the key, key-size. Default is 1024.

ecdsa

Uses the ECDSA key. You must specify the elliptic curve size, curve. Default is 256.

NOTE:

Attempting to install a CA signed ecdsa 256/384 bit certificate fails with an error similar to Invalid certificate.