The crypto ca trustpoint command was introduced with Cisco IOS Software Release 12.2(8)T and replaced the crypto ca identity command in Cisco IOS Software Release 12.3.

A variety of subcommands are available in the ca-trustpoint configuration mode:

• enrollment: This optional subcommand specifies the enrollment parameters. The enrollment mode ra command enrolls the CA as a Registration Authority (RA). The IPsec peers complete transactions with the RA, which then forwards the requests to the CA. Both peers must be configured with the public keys for the CA and RA.

• enrollment http-proxy: Configures access to the CA using HTTP through an HTTP proxy server.

• root: Defines TFTP as the means to get the CA certificate and defines the server name and filename for the certificate.

• match certificate: This optional command specifies an existing certificate-based access control list (ACL) that is associated with a specific crypto ca certificate map command.

• primary: Defines the primary CA trustpoint for the router.

• crl: The crl command queries the CRLs to ensure that the certificate of its peer is valid and has not been revoked.

• default (ca-trustpoint): This command resets the CA trustpoint configuration to its default values.
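The following Python check is an added example, not taken from the original text or from Cisco. It parses crypto ca trustpoint blocks out of a saved configuration and flags trustpoints whose crl setting lets peer certificates through without a revocation check. The crl optional and crl best-effort keywords go beyond the list above, and the trustpoint names, hostnames and addresses in the sample are constructed.

```python
import re

# Constructed sample configuration: every name, URL and address is invented.
SAMPLE_CONFIG = """\
crypto ca trustpoint NY-CA
 enrollment mode ra
 enrollment url http://ca.example.com
 crl query ldap://ldap.example.com
 primary
!
crypto ca trustpoint BRANCH-CA
 enrollment url http://ca2.example.com
 crl optional
!
crypto ca trustpoint LAB-CA
 enrollment url http://ca3.example.com
 crl best-effort
 match certificate LAB-MAP
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
"""

TRUSTPOINT = re.compile(r"^crypto ca trustpoint (\S+)\s*$")

# crl keywords that allow a peer certificate to be accepted without a CRL.
WEAK_CRL = {
    "crl optional": "peer certificates accepted without fetching a CRL",
    "crl best-effort": "peer certificates accepted when no CRL can be obtained",
}

def parse_trustpoints(config):
    """Return {trustpoint name: [subcommand lines]} from IOS configuration text."""
    trustpoints, current = {}, None
    for line in config.splitlines():
        match = TRUSTPOINT.match(line)
        if match:
            current = trustpoints.setdefault(match.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())  # indented line inside the block
        else:
            current = None  # "!" or any other top-level line closes the block
    return trustpoints

def audit(config):
    """Return (trustpoint, subcommand, reason) for each weak crl setting."""
    return [(name, cmd, WEAK_CRL[cmd])
            for name, cmds in parse_trustpoints(config).items()
            for cmd in cmds if cmd in WEAK_CRL]

if __name__ == "__main__":
    for name, cmd, reason in audit(SAMPLE_CONFIG):
        print(f"{name}: '{cmd}' - {reason}")
```
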

Example 20-4 shows the correct syntax for declaring the CA server as the CA on the router in New York.

