PKI page

The Public Key Infrastructure (PKI) capability on the switch provides digital certificates to authenticate network entities. This page enables you to configure and manage digital certificates on the switch. The switch uses certificates to validate SSH clients when it acts as an SSH server, and when it communicates with syslog servers using TLS encryption.

Each entity in the PKI has its identity validated by a certificate authority (CA). The CA issues a digital certificate as part of enrolling each entity into the PKI. This digital certificate is used by the relying parties (for example, network connection peers) to set up secure communication. Based on the information present in the certificate of the sender, the receiving entity can validate the authenticity of the sender and subsequently establish a secure communication channel. For more information about PKI, see the AOS-CX Security Guide.

EST Profiles panel

The EST Profiles panel displays the details of the EST profiles added to the switch. Enrollment over Secure Transport (EST) enhances the switch PKI with a simpler, scalable, and more secure method of certificate provisioning, re-enrollment, and renewal.

TA Profiles panel

The TA Profiles panel displays the information and status of the TA profiles added to the switch. A Trust Anchor (TA) defines certificate-specific operations, such as enrollment and validations. Each TA profile stores the certificate for a trusted CA.

Certificates panel

The Certificates panel displays details about the digital certificates that can be used for applications in the switch. Certificates help secure digital transactions by enabling the end parties to validate each other's identity. Digital certificates are issued by a CA and are composed of an encoded string of characters (usually stored in a file).

Associated Application Details panel

The Associated Application Details panel displays the features (applications) on the switch to which you can associate certificates. The panel also displays the associated certificate name and status. By default, all features are associated with the default, self-signed certificate local-cert. This certificate is created by the switch the first time it starts.