Send documentation comments to mdsfeedback-doc@cisco.com
4-117
Cisco MDS 9000 Family Command Reference
OL-8413-07, Cisco MDS SAN-OS Release 3.x
Chapter 4 C Commands
crypto ca trustpoint
crypto ca trustpoint
To create a trust point certificate authority (CA) that the switch should trust, and enter trust point
configuration submode (config-trustpoint), use the crypto ca trustpoint command in configuration
mode. To remove the trust point, use the no form of the command.
crypto ca trustpoint trustpoint-label
no crypto ca trustpoint trustpoint-label
Syntax Description
Defaults None.
Command Modes Configuration mode.
Command History
Usage Guidelines Trust points have the following characteristics:
• A trust point corresponds to a single CA, which an MDS switch trusts for peer certificate verification
for any application.
• A CA must be explicitly associated to a trust point using the CA authentication process using the
crypto ca authenticate command.
• An MDS switch can have many trust points and all applications on the switch can trust a peer
certificate issued by any of the trust point CAs.
• A trust point is not restricted to a specific application.
• The MDS switch can optionally enroll with a trust point CA to get an indemnity certificate for itself.
You do not need to designate one or more trust points to an application. Any application should be able
to use any certificate issued by any trust point as long as the certificate purpose satisfies application
requirement.
You do not need more than one identity certificate from a trust point or more than one key pair to be
associated to a trust point. A CA certifies a given identity (name) only once and does not issue multiple
certificates with the same subject name. If you need more than one identity certificate for a CA, define
another trust point for the same CA, associate another key pair to it, and have it certified, provided CA
allows multiple certificates with same subject name.
Note Before using the no crypto ca trustpoint command to remove the trust point, first delete the identity
certificate and CA certificate (or certificate chain) and then disassociated the RSA key pair from the trust
point. The switch enforces this behavior to prevent the accidental removal of the trust point along with
trustpoint-label Specifies the name of the trust point. The maximum size is 64
characters.
Release Modification
3.0(1) This command was introduced.
To Next Page
Loading...
Need help?
General
