To specify that certificates and CRLs should not be stored locally on your device, but should be retrieved
when required, enable query mode by using the following command in global configuration mode:
Query mode may affect availability if the CA is down.Note
SUMMARY STEPS
1.
crypto ca certificate query
DETAILED STEPS
PurposeCommand or Action
Enables query mode, which causes certificates and CRLs
not to be stored locally.
crypto ca certificate query
Example:
Device(config)# crypto ca certificate query
Step 1
Configuring the Device Host Name and IP Domain Name
You must configure the host name and IP domain name of a device if this has not already been done. This is
required because the device assigns a fully qualified domain name (FQDN) to the keys and certificates used
by IPsec, and the FQDN is based on the host name and IP domain name assigned to the device. For example,
a certificate named "device20.example.com" is based on a device host name of "device20" and a device IP
domain name of "example.com".
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
hostname name
4.
ip domain-name name
5.
end
DETAILED STEPS
PurposeCommand or Action
Enables privileged EXEC mode.enable
Example:
Device> enable
Step 1
•
Enter your password if prompted.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1146
How to Configure Certification Authority
To Next Page
Loading...
Need help?
General
