set tls

This command configures the switch's private key, the switch's public certificate, and the Certificate Authority (CA) certificate(s) that were used to issue the controller's certificate. All three of these credentials are required to establish a secure TLS connection.

set tls {privkey [<cr>|no-confirm] | certificate pki-cert-list | ca-cert pki-cert-list}

Parameters

privkey
    Private key used to certify that the switch's certificate is trustworthy. Entered interactively in PEM format.

<cr>
    Carriage return. Press Enter to enter PEM data and passphrase (if necessary) interactively.

no-confirm
    Enter PEM data interactively, and then accept privkey without prompting for confirmation.

certificate pki-cert-list
    Designates the certificate for the switch's identity to be used for outgoing TLS connections. The certificates of the CA that was used to sign this certificate must be trusted by the TLS peer (that is, the controller). If you provide a list in pki-cert-list, only the first certificate is used.

ca-cert pki-cert-list
    Designates the list of CA certificates that the switch should use to verify certificates presented to it by TLS peers. (This may be the same certificate list that TLS peers use to verify the certificate specified by 'certificate', or it may be a different one, depending on the PKI design in use.) The list in pki-cert-list must contain at least one certificate.

Defaults

N/A

Mode

All command modes.

Example

This example sets the switch's private key without confirmation, and then the switch's certificate and controller CA certificate.

set tls privkey no-confirm
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA1gb8R98qJXslizg+ftckwQYtLFrEx1lLD6eIoicMteig3Sbx
ordFU8mXnAmbTeFd97JpqiEd7y9jQmz4qrdgo6A+Dh5MY9Cdu1tUGwaUzI3vkkcb
....
L03KpfhujdkR9iS7rWmHovZJIlNKs9egCx6fNVb22GcPPsMjU+4+1VfY/MivDg==
-----END RSA PRIVATE KEY-----
quit

set tls certificate sc-cert
set tls ca-cert ca-cert

The switch's actual certificate (“sc-cert”) and the controller's CA certificate chain (“ca-cert”) must be configured using set pki certificate.
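
Because all three credentials must agree before TLS can come up, it helps to check the PEM files on a workstation before entering them on the switch. The following is an added example, not part of the original command reference: it uses the openssl command-line tool, and the function names, file names and the throwaway demo PKI are assumptions made for illustration.

```shell
# Offline pre-flight checks on the PEM files before they are loaded with
# `set pki certificate` / `set tls`. Assumes unencrypted PEM keys.

# True if the private key ($1) belongs to the FIRST certificate in $2;
# openssl x509 reads only the first PEM block, as the switch does.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Prints the number of certificates in a PEM list (ca-cert needs >= 1).
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# True if a peer certificate ($1, e.g. the controller's) verifies against
# the CA list ($2) that will be configured as ca-cert.
chains_to_ca() {
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# preflight <switch-key> <switch-cert-list> <ca-cert-list>
preflight() {
    key_matches_cert "$1" "$2" || { echo "privkey does not match certificate"; return 1; }
    [ "$(count_certs "$3")" -ge 1 ] || { echo "ca-cert list is empty"; return 1; }
    echo "ok"
}

# Constructed sample data: a throwaway CA, a certificate it signs, and an
# unrelated key, written to directory $1. One CA serves both roles here.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" \
        -out "$d/ca.crt" -subj "/CN=Demo CA" -days 1 >/dev/null 2>&1 &&
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/sw.key" \
        -out "$d/sw.csr" -subj "/CN=demo-switch" >/dev/null 2>&1 &&
    openssl x509 -req -in "$d/sw.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/sw.crt" -days 1 >/dev/null 2>&1 &&
    openssl genrsa -out "$d/other.key" 2048 >/dev/null 2>&1
}
```

A key that fails key_matches_cert against the first certificate in the list will not produce a working TLS identity, even if a later certificate in the same list does match.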