Self-Signed certificate
A self-signed certificate uses the “default” TA profile, which is created automatically if it does not already exist and one of the ten available TA profiles is not yet assigned.
Syntax
[no] crypto pki enroll-self-signed certificate-name [name] subject common-namecn-value org org-value org-unit org-unit-value locality location-value state state-value country country-code
To create and install a self-signed local certificate
the certificate subject may be configured with the crypto
pki identity-profile
command.
Options
- key-size [1024|2048]
The length of the key; default is 1024 bits.
- subject [field <field value>]
Subject fields of the certificate; the default values are specified in the identity profile.
- usage [<openflow|web|all>]
Intended application for the certificate; the default is web.
Subject Fields
Following are the prompts appear if these required fields are not given as arguments.
Enter Common Name(CN) : Enter Org Unit(OU) : Enter Org Name(O) : Enter Locality(L) : Enter State(ST) : Enter Country(C) :
Definitions
- certificate-name
Name of the certificate.
- ta-profile
The Trust Anchor Profile associated with the certificate. A profile named ‘default’ is updateable from the web UI.
- ta-profile-name
Specify the Switch Id TA profile name.
- cn-value
Common Name (CN) – must be present, max length 90.
- org-value
Organization Name (O) – preferred, max length 100.
- org-unit value
Organizational Unit Name (OU) – preferred, max length 100.
- location-value
Locality (L) – optional, max length 100.
- state-value
State (ST) – optional, max length 100.
- country-code
To specify the two letter ISO 3166-1 country code. Max length 2.
- valid-start
Certificate validity start date (MM/DD/YYYY).
- valid-end
Certificate validity end date (MM/DD/YYYY).
The default value for start date is the current date and the default value for the end date is the current date plus one year.
Local enrollment is implemented in the web UI and the security — SSL page is updated for the web UI SSL server application. The Web UI does not provide general PKI configurability for all applications creation or management of other device certificates.