Self-signed certificate enrollment
This certificate installation method may be used when a Certificate Authority is not available. A self-signed certificate provides the relying party no assurance of identity, so this is not as secure as using a CA-signed certificate. A self-signed certificate may be useful, but its use is not recommended.
A self-signed certificate many only be installed on the “default” TA-Profile, so the ta-profile-name parameter is not present in the command.
To enroll a local certificate in self-signed mode, the user must specify the subject information and key-size. The details specific to the certificate “subject” are obtained from id-profile if not specified here.
Syntax
crypto pki enroll-self-signed certificate-name CERT-NAME [subject [command-name CN-Value] [org Org-Value] [org-unit Org-unit-value] [locality Location-Value] [state state-Value] [countryCountry-Code] [valid-start date valid-end date] [usage <openflow | web | all>][key-type rsa key-size <1024|2048>] [key-type ecdsa curve <256|384>]
crypto pki enroll-self-signed certificate-name CERT-NAME [subject [command-name CN-Value] [org Org-Value] [org-unit Org-unit-value] [locality Location-Value] [state state-Value] [countryCountry-Code] [valid-start date valid-end date] [usage <openflow | web | all>][key-type rsa key-size <1024|2048>] [key-type ecdsa curve <256|384>]
Parameters
- usage [<openflow|web|all>]
Intended application for the certificate; the default is
web. Theopenflowoption is not supported for self-signed certificate enrollment.
Subject Fields
The following prompts appear if these required fields are not given as arguments.
Enter Common Name(CN) : Enter Org Unit(OU) : Enter Org Name(O) : Enter Locality(L) : Enter State(ST) : Enter Country(C) :