Certificate Settings
The Cisco Business Dashboard Agent (CBD) and Plug-n-Play (PNP) features require CA certificates to establish HTTPS communication with the CBD or PNP servers. The Certificate Settings feature allows these applications and device managers to do the following:
- Install trusted CA certificates and remove certificates that are no longer wanted
- Statically add certificates to the device configuration file
- Manage a revocation list of untrusted certificates
Note: The validity of the certificates is based on the system clock. Using the default system clock does not provide proper validation. Therefore, make sure the system clock is based on the device real-time clock (RTC), if supported, or was actively set since the last reboot (preferably via the SNTP service). If the system clock is not based on the RTC and was not set since the last reboot, certificate validation fails, even if the system clock is within the validity dates of the certificate.
Dynamic Certificates
The embedded certificate is installed by default. The PNP applications can install dynamic trusted certificates to the device memory. The installed certificate must include the following attributes:
- Certificate name - A string that is used to identify the certificate
- Owner - The application name that installed the certificate (for example, PNP)
- The certificate itself in PEM format.
An application can also delete a specific or all dynamic certificates installed by that application.
Considerations
- Up to 512 dynamic certificates can be installed on the device.
- Dynamic certificates are removed when the device reboots.
Static Certificate
If an application wants to add a certificate that will not be deleted on reset, or if a user of the switch wants to add a certificate, they can add a static certificate. These certificates are saved in the device running configuration and can be copied to the startup configuration.
Adding a static certificate requires providing the following attributes:
- Certificate name - A string that is used to identify the certificate
- Owner - The application name that installed the certificate (for example, PNP)
- The certificate itself in PEM format.
Considerations
- Up to 128 static certificates can be installed on the device.
- It is possible for identical certificates to be added by different applications or users as long as the names used to identify them are different.
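The following is an added example, not Cisco code: an offline audit of a planned set of static certificate entries against the attributes and limits listed above, run before anything is pushed to a switch. The function names, the finding labels, the sample entries and the treatment of a reused name as an error are assumptions of this example; the sample DER bytes are constructed placeholders, not real certificates.

```python
import base64, hashlib, re

MAX_STATIC = 128  # static certificate limit stated on this page
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\s+([A-Za-z0-9+/=\s]+?)\s*"
                    r"-----END CERTIFICATE-----")

def pem_to_der(pem):
    """Return DER bytes for exactly one PEM certificate block, else None."""
    blocks = PEM_RE.findall(pem or "")
    if len(blocks) != 1:
        return None  # no armor, or a bundle where one certificate is expected
    try:
        der = base64.b64decode("".join(blocks[0].split()), validate=True)
    except ValueError:
        return None
    return der if der[:1] == b"\x30" else None  # a certificate is a DER SEQUENCE

def audit_static(entries):
    """Audit dicts with 'name', 'owner', 'pem'; return (kind, index, detail)."""
    findings, names, prints = [], {}, {}
    if len(entries) > MAX_STATIC:
        findings.append(("limit", len(entries), f"more than {MAX_STATIC} entries"))
    for i, e in enumerate(entries):
        missing = [f for f in ("name", "owner", "pem") if not e.get(f)]
        if missing:
            findings.append(("missing", i, ",".join(missing)))
            continue
        if e["name"] in names:  # assumption: a name identifies one certificate
            findings.append(("name-reuse", i, e["name"]))
        names.setdefault(e["name"], i)
        der = pem_to_der(e["pem"])
        if der is None:
            findings.append(("bad-pem", i, e["name"]))
            continue
        fp = hashlib.sha256(der).hexdigest()
        if fp in prints:  # permitted when names differ; reported for review only
            findings.append(("same-cert", i, f"{e['name']} == {prints[fp]}"))
        prints.setdefault(fp, e["name"])
    return findings

def make_pem(der):
    return ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(der).decode()
            + "\n-----END CERTIFICATE-----\n")

# Constructed sample entries; the DER bytes are placeholders, not certificates.
SAMPLE = [
    {"name": "cbd-root", "owner": "CBD", "pem": make_pem(b"\x30\x03\x02\x01\x01")},
    {"name": "pnp-root", "owner": "PNP", "pem": make_pem(b"\x30\x03\x02\x01\x01")},
    {"name": "pnp-root", "owner": "PNP", "pem": make_pem(b"\x30\x03\x02\x01\x02")},
]
```

The audit checks structure only; it does not parse validity dates, so the system clock requirement in the note above still has to be met on the device itself.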