Trust anchor profile

The profile defines required Anchor Trust for several certificate-specific operations, such as certificate enrollment and certificate validations. A trust anchor may be a Root CA certificate or an Intermediate CA certificate. The following command creates a trust anchor profile.

Syntax

crypto pki ta-profile <profile-name> ssh-username <ssh-username>
no crypto pki ta-profile <profile-name> ssh-username <ssh-username>
    

Definitions

profile-name

A name (maximum 100 characters) with a unique identifier for the Trust Anchor Profile. Ten TA profiles are supported: one for each allowed trust anchor (Root CA certificate.)

Profile number 2 is always reserved for self-signed certificate. For example, you can only create 9 TA profiles (Root CA certificates) per switch.

ssh-username

Set the username whose certificate will be validated with the TA profile for two-factor authentication.