Table of Contents
Advertisement
Certificate Wizards
Note
CA server nickname
Enrollment URL
Challenge Password and Confirm Challenge Password
Cisco Router and Security Device Manager Version 2.2 User's Guide
28-38
The information you enter in this screen is used to generate a trustpoint. The
trustpoint is generated with a default revocation check method of CRL. If you are
editing an existing trustpoint with the SCEP wizard, and a revocation method
different from CRL, such as OCSP, already exists under the trustpoint, SDM will
not modify it. If you need to change the revocation method, go to Router
Certificates window, select the trustpoint you configured, and click the Check
Revocation button.
The CA server nickname is an identifier for the trustpoint you are configuring.
Enter a name that will help you identify one trustpoint from another.
If you are completing an SCEP enrollment, you must enter the enrollment URL
for the CA server in this field. For example,
http://CAuthority/enrollment
The URL must begin with the characters http://. Be sure there is connectivity
between the router and the CA server before beginning the enrollment process.
This field does not appear if you are completing a cut-and-paste enrollment.
A challenge Password can be sent to the CA for you to use if you ever need to
revoke the certificate. It is recommended that you do so, as some CA servers do
not issue certificates if the challenge Password is blank. If you want to use a
challenge Password, enter that password and then reenter it in the confirm field.
The challenge Password will be sent along with the enrollment request. For
security purposes, the challenge password is encrypted in the router configuration
file, so you should record the password and save it in a location you will
remember.
This password is also referred to as a challenge password.
Chapter 28
Public Key Infrastructure
OL-4015-08
Advertisement
Table of Contents
Troubleshooting
