Access Security Guide K/KA/KB.15.15
optional. The user can enter both subject information and one or more IP addresses when creating
an Identity Profile. There is no constraint to have either subject or IP addresses, they are not mutually
exclusive although at least one must be present.
Syntax
(config)# [no] crypto pki [identity-profile][profile-name]
subject[CommonName <cn-value>] [Org <org-value> ] [OrgUnit
<org-unit value>] [Locality <location-value>] [State
<state-value>] [Country <country-code>] [address
<ip-addr-list>]
Subject fields
The fields specific to certificate subject are obtained interactively by prompting
the user for the following if they are not provided on the command line:
identity-profile
Creates an identity profile.
profile-name
Specify the Switch Id Profile name.
cn-value
Common Name (CN) – must be present, max length 100.
org-value
Organization Name (O) – preferred, max length 100.
org-unit value
Organizational Unit Name (OU) – preferred, max length 100.
location-value
Locality (L) – optional, max length 100.
state-value
State (ST) – optional, max length 100.
country-code
To specify the two letter ISO 3166-1 country code. Max length 2.
NOTE: The total maximum lengths shown are subject to the maximum subject line
length of 127 characters.
Local certificate enrollment – manual mode
To enroll a Local certificate using a manual cut and paste method, a key size and the relevant TA
Profile details are required. The following command manually creates a certificate signature request.
Including the subject overrides the configured Identity Profile:
Syntax
[no]crypto pki create-csr cert-name [name]ta-profile
[profile-name]key size [bits]usage[protocol]
subject[common-name <cn-value>][org <org-value> ]\[org-unit
<org-unit-value>][locality <location-value>][state
<state-value>][country <country-code>][valid-start
<date>][valid-end <date>]
506 Certificate manager