Administrator Guide
Version Description
9.11.0.0 Introduced the command.
Usage Information
The following RBAC roles are allowed to issue this command:
• sysadmin
• secadmin
If the cert-le option is not specied in the command, then the system interactively prompts you to ll in various
elds of the certicate signing request (CSR). You are prompted to ll out some metadata information for the
certicate. The following example shows the elds that you are prompted to ll:
You are about to be asked to enter information that will be incorporated into
your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank.
For some fields there will be a default value; if you enter '.', the field
will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:San Francisco
Organization Name (eg, company) []:Starfleet Command
Organizational Unit Name (eg, section) []:NCC-1701A
Common Name (eg, YOUR name) [S4810-001]:
Email Address []:scotty@starfleet.com
You can enter only 256 characters per command. If you have eld values that are larger than 256 characters in
length, use the interactive mode of the command.
Related Commands
• crypto ca-cert install
crypto cert install
Installs a trusted certicate on a device.
Syntax
crypto cert install cert-file cert-path key-file {key-path | private} [password
passphrase]
Parameters
cert-le Enter the keyword cert-file to specify that the certicate needs to be downloaded.
cert-path Enter the path where the certicate is locally stored. The path can be a full path or a
relative path. If the system accepts this path, a notication is sent indicating the location
where the certicate le is stored. Following are example of a path that you can specify:
flash://certs/s4810-001-request.crtand usbflash:/certs/
s4810-001-cert.pem
NOTE: Before installing a trusted certicate, you rst need to download it
from a remote CA using the copy command.
.
key-le Enter the keyword key-file to specify the private key.
private Enter the keyword private to specify that the key is stored in a hidden location in the
NVRAM. Only one private key can exist in a hidden location at any given point in time.
key-path Enter the absolute or relative location on the device where the key is stored.
1712 X.509v3