Information
Creating an identity profile simplifies the generation of cryptographic certificates and certificate signing requests by defining commonly used subject information that is used to identify and authenticate a device using secure, encrypted protocols. ArubaOS-Switch stores one identity profile per device; creating a new profile overwrites an existing profile (if defined).
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
This command creates an example identity profile for a device with the hostname "switch":
switch(config)# crypto pki identity-profile switch-id-profile subject common-name
switch country us state California locality Roseville org HPE org-unit Aruba
This identity profile will be used whenever a certificate or certificate request is generated later in this guide.
If no identity profile is defined, required subject fields (including the device common name, at a minimum) must be specified each time a cryptographic certificate signing request or self-signed certificate is generated. If a profile is present, the pertinent data is populated automatically.