Command or Action / Purpose

Step 4
Command or Action: crypto key generate rsa
Example:
Switch(config)# crypto key generate rsa
Purpose: (Optional) Generates an RSA key pair. RSA key pairs are required before you can obtain a certificate for the switch. RSA key pairs are generated automatically. You can use this command to regenerate the keys, if needed.

Step 5
Command or Action: crypto ca trustpoint name
Example:
Switch(config)# crypto ca trustpoint your_trustpoint
Purpose: Specifies a local configuration name for the CA trustpoint and enters CA trustpoint configuration mode.

Step 6
Command or Action: enrollment url url
Example:
Switch(ca-trustpoint)# enrollment url http://your_server:80
Purpose: Specifies the URL to which the switch should send certificate requests.

Step 7
Command or Action: enrollment http-proxy host-name port-number
Example:
Switch(ca-trustpoint)# enrollment http-proxy your_host 49
Purpose: (Optional) Configures the switch to obtain certificates from the CA through an HTTP proxy server.
• For host-name, specify the proxy server used to get the CA.
• For port-number, specify the port number used to access the CA.

Step 8
Command or Action: crl query url
Example:
Switch(ca-trustpoint)# crl query ldap://your_host:49
Purpose: Configures the switch to request a certificate revocation list (CRL) to ensure that the certificate of the peer has not been revoked.

Step 9
Command or Action: primary name
Example:
Switch(ca-trustpoint)# primary your_trustpoint
Purpose: (Optional) Specifies that the trustpoint should be used as the primary (default) trustpoint for CA requests.
• For name, specify the trustpoint that you just configured.

Step 10
Command or Action: exit
Example:
Switch(ca-trustpoint)# exit
Purpose: Exits CA trustpoint configuration mode and returns to global configuration mode.
Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
130 OL-29048-01
Configuring Secure Socket Layer HTTP
Configuring a CA Trustpoint