PurposeCommand or Action
Declares the certification authority (CA) that your device
should use and enters the CA profile enroll configuration
mode.
crypto ca trustpoint name
Example:
Device(config)# crypto ca trustpoint ka
Step 3
Specifies the URL of the CA server to which enrollment
requests are sent.
enrollment url url
Example:
Device(ca-profile-enroll)# enrollment url
http://entrust:81
Step 4
Specifies the HTTP command that is sent to the CA for
enrollment.
enrollment command
Example:
Device(ca-profile-enroll)# enrollment command
Step 5
Exit CA profile enroll configuration mode and returns to
global configuration mode.
exit
Example:
Device(ca-profile-enroll)# exit
Step 6
Declares the trustpoint that your device should use and
enters Ca-trustpoint configuration mode.
crypto pki trustpoint name
Example:
Device(config)# crypto pki trustpoint ka
Step 7
Queries the certificate revocation list (CRL) to ensure that
the certificate of the peer is not revoked.
crl query ldap://url:[port]
Example:
Device(ca-trustpoint)# crl query
ldap://bar.cisco.com:3899
Step 8
Specifies the enrollment wait period between certificate
request retries.
enrollment {mode ra | retry count number | retry
period minutes | url url}
Example:
Device(ca-trustpoint)# enrollment retry period
2
Step 9
Specifies the number of times a device will resend a
certificate request when it does not receive a response from
the previous request.
enrollment {mode ra | retry count number | retry
period minutes | url url}
Example:
Device(ca-trustpoint)# enrollment retry count
8
Step 10
Checks the revocation status of a certificate.
revocation-check method1 [method2 method3]
Example:
Device(ca-trustpoint)# revocation-check crl
ocsp
Step 11
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1149
How to Configure Certification Authority
To Next Page
Loading...
Need help?
General
