C613-50631-01 Rev A Command Reference for IE340 Series 2524
AlliedWare Plus™ Operating System - Version 5.5.3-0.x
PUBLIC KEY INFRASTRUCTURE AND CRYPTO COMMANDS
FINGERPRINT
(CA-TRUSTPOINT)
fingerprint (ca-trustpoint)
Overview Use this command to declare that certificates with the specified fingerprint should
be automatically accepted, when importing certificates from an external certificate
authority. This can affect the behavior of the crypto pki authenticate and crypto
pki import pem commands.
Use the no variant of this command to remove the specified fingerprint from the
pre-accepted list.
Syntax
fingerprint <word>
no fingerprint <word>
Default By default, no fingerprints are pre-accepted for the trustpoint.
Mode Trustpoint Configuration
Usage notes Specifying a fingerprint adds it to a list of pre-accepted fingerprints for the
trustpoint. When a certificate is imported, if it matches any of the pre-accepted
values, then it will be saved in the system automatically. If the imported
certificate’s fingerprint does not match any pre-accepted value, then the user will
be prompted to verify the certificate contents and fingerprint visually.
This command is useful when certificates from an external certificate authority are
being transmitted over an insecure channel. If the certificate fingerprint is
delivered via a separate messaging channel, then pre-entering the fingerprint
value via cut-and-paste may be less errorprone than attempting to verify the
fingerprint value visually.
The fingerprint is a series of 40 hexadecimal characters. It may be entered as a
continuous string, or as a series of up to multiple strings separated by spaces. The
input format is flexible because different certificate authorities may provide the
fingerprint string in different formats.
Example To configure a fingerprint “5A81D34C 759CC4DA CFCA9F65 0303AD83 410B03AF”
for the trustpoint named “example”, use the following commands:
awplus> enable
awplus# configure terminal
awplus(config)# crypto pki trustpoint example
awplus(ca-trustpoint)# fingerprint 5A81D34C 759CC4DA CFCA9F65
0303AD83 410B03AF
Related
commands
crypto pki authenticate
Parameter Description
<word> The fingerprint as a series of 40 hexadecimal characters,
optionally separated into multiple character strings.
To Next Page
Loading...
Need help?
General
