Cisco 3650 Switch SSL Cert

zemerdon · Post by **zemerdon** » Wed Jun 03, 2026 2:26 pm

1. Set hostname + domain (required)

conf t
hostname cisco
ip domain-name zemerdon.com
end
write memory

2. Generate RSA keypair

Code: Select all

conf t
crypto key generate rsa modulus 2048 label cisco-https-key
end

3. Create a trustpoint
dont forget to change cisco.zemerdon.com to whatever your FQDN will be.

Code: Select all

conf t
crypto pki trustpoint CISCO-HTTPS
 enrollment selfsigned
 subject-name CN=cisco.zemerdon.com
 revocation-check none
 rsakeypair cisco-https-key
end

4. Enroll (create the certificate)

Code: Select all

crypto pki enroll CISCO-HTTPS

When prompted:

Answer yes to accept self-signed cert

Confirm generation

5. Bind cert to HTTPS server

Code: Select all

conf t
ip http secure-trustpoint CISCO-HTTPS
ip http secure-server
end
write memory

6. Verify

Code: Select all

show crypto pki certificates CISCO-HTTPS
show ip http server secure status