Enrollment of application certificate using AirWave ZTP

Following is the recommended workflow for enrollment of application certificate using AirWave:

Prerequisites

Configure EST server using EST server configuration commands.

Procedure

Enable ZTP on your switch, so that the switch connects to AirWave server.
Install the EST CA certificate in your switch using AirWave CLI window. To create a TA profile, and copy the EST certificate, execute following commands:
```
crypto pki ta-profile EST_CA
```
```
copy tftp ta-certificate EST_CA <tftpserverIp> estca.pem
```
Push the switch configuration template having EST server configuration from the AirWave server to the switch.
```
est-server "myprofile" "https://<myEstServer>:8085"
```
```
crypto pki enroll-est-certificate " myprofile" certificate-name "estcert2" ta-profile "estta2" subject common-name "mycompany" org-unit "123" org  "ar" locality "Tn" state "TN" country "IN" usage syslog
```
Following configurations, enable the switch to connect with the EST server to install the certificate to connect to the Syslog server.
NOTE:
- For more information, see EST server configuration commands, and EST certificate enrollment command.
- To create a syslog certificate using EST, see Secure Syslog with TLS.