DETAILED STEPS
PurposeCommand or Action
Enables privileged EXEC mode.enable
Example:
Device> enable
Step 1
•
Enter your password if prompted.
Enters global configuration mode.configure terminal
Example:
Device# configure terminal
Step 2
Requests that a new certificate revocation list (CRL) be
obtained immediately from the CA.
crypto pki crl request name
Example:
Device(config)# crypto pki crl request myca
Step 3
Exits global configuration mode and returns to privileged
EXEC mode.
end
Example:
Device(config)# end
Step 4
Querying a Certification Revocation List
You can query a certificate revocation list (CRL) only when you configure your device with a trusted root.
When your device receives a certificate from a peer from another domain (with a different CA), the CRL
downloaded from the CA of the device will not include certificate information about the peer. Therefore, you
should check the CRL published by the configured root with the LDAP URL to ensure that the certificate of
the peer has not been revoked.
If you would like CRL of the root certificate to be queried when the device reboots, you must enter the crl
query command.
Perform the following task to query the CRL published by the configured root with the LDAP URL:
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
crypto pki trustpoint name
4.
crl query ldap ://url : [port]
5.
end
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1154
Monitoring and Maintaining Certification Authority
To Next Page
Loading...
Need help?
General
