The certificate identity command configures a unique common name (CN) for the iMaster NCE-Campus's certificate, which will be used for certificate uniqueness verification.
The undo certificate identity command cancels the CN configuration for the iMaster NCE-Campus's certificate.
By default, no CN is configured for the iMaster NCE-Campus's certificate; that is, the switch does not verify the CN of the iMaster NCE-Campus's certificate.
Parameter | Description | Value |
---|---|---|
common-name | Specifies a unique CN for the iMaster NCE-Campus's certificate. | The value can be either of the following: |
When a switch registers with iMaster NCE-Campus for authentication, bidirectional certificate authentication is performed over an SSH channel established between them to ensure secure data transmission. However, if an attacker obtains the iMaster NCE-Campus's certificate and pretends to be iMaster NCE-Campus to communicate with the switch, the switch cannot identify this forged iMaster NCE-Campus, posing security risks.
To address this issue, you can run the certificate identity command on the switch to specify the CN of the iMaster NCE-Campus's certificate for certificate uniqueness verification. When the switch registers with iMaster NCE-Campus again, it compares the CN in the iMaster NCE-Campus's certificate with the locally configured one, and goes online only when the CNs are the same.
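The CN comparison described above can be sketched as follows. This is an added example, not Huawei's implementation or code from the product documentation. It assumes the peer certificate's subject is available as an RFC 4514 string, that the match is exact and case-sensitive, and that chain validation has already succeeded; the function names and the example.com values are hypothetical.

```python
import re

# Constructed sample values for illustration only.
CONFIGURED_CN = "nce-campus.example.com"
SAMPLE_SUBJECT = "CN=nce-campus.example.com,O=Example,C=CN"

def _split(s, sep):
    """Split on sep, skipping separators escaped with a backslash (RFC 4514)."""
    parts, cur, i = [], "", 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur += s[i:i + 2]            # keep the escape pair intact
            i += 2
        elif s[i] == sep:
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += s[i]
            i += 1
    parts.append(cur)
    return parts

def _unescape(value):
    """Resolve \\XX hex pairs (ASCII range only in this sketch) and \\<char>."""
    def repl(m):
        g = m.group(1)
        return chr(int(g, 16)) if len(g) == 2 else g
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)", repl, value)

def common_names(subject):
    """Return every CN value found in an RFC 4514 subject string."""
    cns = []
    for rdn in _split(subject, ","):
        for ava in _split(rdn, "+"):     # multi-valued RDN
            key, _, val = ava.partition("=")
            if key.strip().upper() == "CN":
                cns.append(_unescape(val.lstrip()))
    return cns

def may_go_online(peer_subject, configured_cn=None):
    """Decide whether to go online, given an already chain-validated peer."""
    if configured_cn is None:            # default: the CN is not verified
        return True
    cns = common_names(peer_subject)
    # Assumption: exactly one CN, compared exactly; anything else fails closed.
    return len(cns) == 1 and cns[0] == configured_cn

if __name__ == "__main__":
    print(may_go_online(SAMPLE_SUBJECT, CONFIGURED_CN))
```

Parsing the subject attribute by attribute, rather than searching the string for the configured name, keeps a CN-like value embedded in another attribute (or the country code `C=CN`) from being mistaken for the certificate's CN.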