Installing a CA-signed leaf certificate (created outside the switch)
This procedure describes how to install an X.509 leaf certificate that was created and signed (by a CA) outside the switch, and then associate the certificate with one of the following switch features: syslog client, HTTPS server, or HSC (hardware switch controller).
Prerequisites
- Root CA certificate root-cert installed as described in Installing a certificate of a root CA.
- A CA-signed leaf certificate (including private-key data) created outside the switch.
Procedure
- Create the leaf certificate context with the command crypto pki certificate, which then switches to the created leaf certificate context.
- Import the leaf certificate into the switch with the command import (CA-signed leaf certificate).
- Exit the leaf certificate context with the command exit.
- Associate the leaf certificate with a switch feature (syslog client, HTTPS server, or HSC) with the command crypto pki application.
Example
This example:
- Creates the leaf certificate context.
- Imports the CA-signed leaf certificate.
- Associates the leaf certificate with the syslog client (application) on the switch.
switch(config)#
switch(config)# crypto pki certificate CA_LC
switch(config)#
switch(config-cert-CA_LC)# import terminal ta-profile root-cert
Paste the certificate in PEM format below, then hit enter and ctrl-D:
switch(config-cert-import)# -----BEGIN CERTIFICATE-----
switch(config-cert-import)# MIIFRDCCAyygAwIBAgIQP8nn2Vp15u07XMktDJANBgkqhkiG9w0Bv
switch(config-cert-import)# MQswCQYDVQGEwJVUEOMAw1UECgwFX1YmxDOgNBAMMB1Jvb3QgQ0Ew
switch(config-cert-import)# HhcNMTkNDEwMjIwNT1WhjIMTA0MjIwNE1jBzQswYDVQQGEwJVUzEL
...
switch(config-cert-import)# 1fIYZYGQyla0AwFuPTTxBXHYRxTPbUYUtmJrwRPmE4OVY8S9DQgcr
switch(config-cert-import)# 1NGNm3NG03GqPScs/TF9bVyFABOrlmm7kNfRlK8D/kMTfRreSdxis
switch(config-cert-import)# YQ1u1NqShps=
switch(config-cert-import)# -----END CERTIFICATE-----
switch(config-cert-import)# -----BEGIN ENCRYPTED PRIVATE KEY-----
switch(config-cert-import)# MIIFDjBABgkqhkiG9wBBQ0wMzAbBgkiwQwwQImNpJMN7sVGwCAggA
switch(config-cert-import)# MBQGCCqGSIb3DQMHAit+2qadNAASCMgLYJ4AFEfhH5p51Ggr86VqS
switch(config-cert-import)# IJ6L/UhEtH523nUkdV6gvoAWgoYaeD8eswAGv5VS8OMFTPttrn5/K
...
switch(config-cert-import)# OgSecqZsG6arbx0ESaYBir1c6rPs1pcbDx283DD1MWOpeoS2aEmOX
switch(config-cert-import)# iKnXnUMpVPfLc74ty2S41tH0X9gfaa1LiStg+N7cND9XfGtjaV2+/
switch(config-cert-import)# cb4=
switch(config-cert-import)# -----END ENCRYPTED PRIVATE KEY-----
switch(config-cert-import)#
Enter import password: *******
Leaf certificate is validated with root-cert and imported successfully.
switch(config-cert-CA_LC)# exit
switch(config)# crypto pki application syslog-client certificate CA_LC
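A workstation-side check of the PEM text before it is pasted into import terminal, given here as an added example that is not part of the original documentation or the switch software. It assumes the bundle layout shown in the example session (one CERTIFICATE block followed by one ENCRYPTED PRIVATE KEY block); lint_import_bundle, make_pem and the sample bundles are hypothetical names and constructed data.

```python
import base64
import binascii
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

def lint_import_bundle(text):
    """Return a list of problems in a PEM bundle prepared for 'import terminal'."""
    blocks = PEM_BLOCK.findall(text)
    labels = [label for label, _ in blocks]
    keys = [label for label in labels if label.endswith("PRIVATE KEY")]
    problems = []
    # Assumed layout, taken from the example session: certificate, then key.
    if labels.count("CERTIFICATE") != 1:
        problems.append("expected exactly one CERTIFICATE block")
    if len(keys) != 1:
        problems.append("expected exactly one private key block")
    for label in keys:
        if label != "ENCRYPTED PRIVATE KEY":
            problems.append("key block '%s' is not the ENCRYPTED PRIVATE KEY form" % label)
    if labels and labels[0] != "CERTIFICATE":
        problems.append("CERTIFICATE block must come first")
    for label, body in blocks:
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error:
            problems.append("%s block is not valid base64" % label)
            continue
        # X.509 certificates and PKCS#8 keys both start with a DER SEQUENCE (0x30).
        if not der or der[0] != 0x30:
            problems.append("%s block does not decode to a DER SEQUENCE" % label)
    return problems

def make_pem(label, der):
    """Wrap bytes in PEM armour (used only to build the constructed samples)."""
    body = base64.encodebytes(der).decode().strip()
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)

# Constructed placeholder bytes, not a real certificate or key.
FAKE_DER = b"\x30\x82\x01\x00" + bytes(60)
GOOD = make_pem("CERTIFICATE", FAKE_DER) + make_pem("ENCRYPTED PRIVATE KEY", FAKE_DER)
BAD = make_pem("PRIVATE KEY", FAKE_DER) + make_pem("CERTIFICATE", FAKE_DER)

if __name__ == "__main__":
    for name, bundle in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_import_bundle(bundle) or "ok")
```

The check covers only the text layout and encoding; whether the leaf chains to root-cert is still decided by the switch during import.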