Creating a certificate manually for syslog application
The following steps are performed manually to create a certificate on the switch:
Configure a TA-profile which is required for creating CSR using
crypto pki ta-profile <PROFILE_NAME>
.Generate root certificate from a CA server and install the certificate using
copy tftp ta-certificate
.Create a CSR request with respect to the created TA-profile using
crypto pki create-csr certificate-name <syslog_leaf> ta-profile <PROFILE_NAME> usage ALL
.Install a signed certificate using
crypto pki install-signed-certificate
. It prompts the administrator to paste the base-64 format of the signed certificate. If the certificate is valid and the associated TA-profile matches the CSR, then switch installs the certificate.
You can automate certificate creation using EST. Refer Creating a syslog certificate using EST server.