Adding and deleting a certificate

Procedure
  1. To add a certificate:
    1. In the navigation pane, expand Security, and select PKI.

      The PKI page is displayed.

    2. In the Certificates panel, click New Certificate.

      The New Certificate Info dialog box is displayed.

    3. In the Certificate Name field, enter a name for the certificate.

      The certificate name can contain lowercase alphanumeric, dot, hyphen, and underscore characters. The device-identity and local-cert certificates are added by default.

    4. Configure the following optional parameters:
      • Certificate Type: Select either regular or self-signed from the drop-down. Regular certificates are signed by a CA. Self-signed certificates are signed by the switch or the user who is using the certificate and not signed by a CA.

      • EST Profile: Select the EST profile to associate with the certificate. This field is displayed only for the regular certificate type.

      • Key Type: Select either RSA or ECDSA from the drop-down for the encryption key type. The default type is RSA.

      • Key Size: Select the key size from the drop-down for the key type selected.

        RSA key type has longer key size with values: 2048, 3072, and 4096 bits. The default size for RSA is 2048. The ECDSA key type has shorter key size with values: 256, 381, and 521 bits. The default size for ECDSA is 256.

    5. In the Common Name field, enter the IP address or domain name associated with the switch.

      Your web browser might warn you if this field does not match the URL entered into the web browser when accessing the switch.

    6. Configure the following optional parameters:
      • Org Unit: Enter the name of the sub-entity (for example, the department) where the switch is used.

      • Org Name: Enter the name of the entity (for example, the company) where the switch is used.

      • State: Enter the name of the state where the switch is used.

      • Locality: Enter the name of the city where the switch is used.

    7. In the Country field, enter the country where the switch is used.

      You must enter only two letters in uppercase for the country name, for example, US for the United States.

    8. Click OK.
  2. To delete a certificate:
    1. In the Certificates pane, select the certificate, and click Delete.

      A confirmation message is displayed.

    2. Click Delete.
      NOTE:

      You cannot delete the default device-identity and local-cert certificates.