Access Security Guide K/KA/KB.15.15
To enroll a Local certificate in self-signed mode, the user must specify the subject
information and key-size. The details specific to the certificate “subject” are obtained
from id-profile if not specified here.
Options
key-size [1024|2048]
The length of the key; default is 1024 bits.
fields [address <ipaddr>]
Subject fields of the certificate; the default values are specified in the identity
profile.
usage [<openflow|web|default>]
Intended application for the certificate; the default is web.
Syntax
(config)# crypto pki enroll-self-signed certificate-name
name subjectcommon-name cn-valueorg
org-valueorg-unitorg-unit-valuelocalitylocation-valuestatestate-valuecountrycountry-codevalid-startdatevalid-enddate
Options
key-size [1024|2048]
The length of the key; default is 1024 bits.
fields [address <ipaddr>]
Subject fields of the certificate; the default values are specified in the identity
profile.
usage [<openflow|web|default>]
Intended application for the certificate; the default is web.
Subject Fields
The following prompts appear if these required fields are not given as arguments.
Enter Common Name(CN) :
Enter Org Unit(OU) :
Enter Org Name(O) :
Enter Locality(L) :
Enter State(ST) :
Enter Country(C) :
Self-Signed certificate
A self-signed certificate uses the “default” TA profile, which is created automatically if it does not
already exist and one of the two available TA Profiles is not yet assigned.
Syntax
[no]crypto pki enroll-self-signed certificate-name [name]
subject
common-namecn-valueorgorg-valueorg-unitorg-unit-valuelocalitylocation-valuestatestate-valuecountrycountry-code
To create and installl a self-signed local certificate the certificate subject may be
configured with the crypto pki identity-profile command.
Options
key-size [1024|2048]
The length of the key; default is 1024 bits.
Local certificate enrollment — manual mode 509