Certificate manager > Local certificate enrollment – manual mode

 

 next

Local certificate enrollment – manual mode

To enroll a Local certificate using a manual copy and paste method, a key size and the relevant TA profile details are required. The following command manually creates a certificate signature request. Including the subject overrides the configured Identity Profile:

Syntax

crypto pki create-csr certificate-name CERT-NAME ta-profile Profile-Name [usage <openflow | web | all>][key-type rsa key-size <1024|2048>] [key-type ecdsa curve <256|384>] [subject [command-name CN-Value] [org Org-Value] [org-unit Org-unit-value] [locality Location-Value] [state state-Value] [countryCountry-Code]] [valid-start date valid-end date]

Options

key-size [1024|2048]

The length of the RSA key, default is 1024 bits.

Definitions

certificate-name

Name of the certificate.

ta-profile

The Trust Anchor Profile associated with the certificate. A profile named ‘default’ is updateable from the web UI.

ta-profile-name

Specify the Switch Id TA profile name.

usage[<openflow|web|all>]

Intended application for the certificate, the default is web.

valid-start

Certificate validity start date (MM/DD/YY).

valid-end

Certificate validity end date (MM/DD/YY).

Subject fields

cn-value

Common Name (CN) – must be present, max length 90.

org-value

Organization Name (O) – preferred, max length 100.

org-unit value

Organizational Unit Name (OU) – preferred, max length 100.

location-value

Locality (L) – optional, max length 100.

state-value

State (ST) – optional, max length 100.

country-code

To specify the two letter ISO 3166-1 country code. Max length 2.

[NOTE: ]

NOTE: A CSR created with TA profile name of ‘default’ MUST include usage of either “web” or “all”.

Example of PEM format output

This command creates a certificate signing request in realtime and then output the result to the console:

-----BEGIN CERTIFICATE REQUEST-----
MIIBpDCCAQ0CAQAwZDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRIwEAYDVQQH
EwlSb3NldmlsbGUxCzAJBgNVBAoTAkhQMQ0wCwYDVQQLEwRFVlBHMRgwFgYDVQQD
Ew9UZXN0IE1hY2hpbmUgMDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN7i
w3x2gi3tZf4LnXltSicl7RNcVggxYHcZQySWFtCXFTb5uaJ6vA3RdBIThgUKZSpc
rgtc7jQmRDUdKAbWLPrqC7wBxMlXbnQYegubvOfzf/dT1CYJXxdUZh5BMN5ob/00
t60m9cM7Odsu0a0dBoQQRI8315KJ0AuHDE6VOe4dAgMBAAGgADANBgkqhkiG9w0B
AQUFAAOBgQBQCZar2ox6RXm7F/vVhyrrp0E0YrPimxDvg40jnwqtwOgpQAvns4pt
o5RVx4/Q6hzF2QivYqLl3+K8WOVVJ7XLDcHNea8RJgx13t45uMYrsMKWdbhR9+jQ
KFzmffQJXRXOnH6rfQSNYBXndg0azhc8saORrOqrTn3Yw3psYSNMbA==
-----END CERTIFICATE REQUEST-----

prev

 

up

 next

Switch identity profile 

home

 Local certificate enrollment — manual mode

Copyright © 2016 Hewlett Packard Enterprise Development LP