Obtaining Digital Certificates
If you have selected a digital certificate standard for the IKE authentication
method, you must obtain a certificate for the router. These instructions give
the steps for obtaining a certificate automatically using SCEP. See configura-
tion instructions in "Using Digital Certificates (Optional)" on page 10-54 to
learn how to obtain certificates manually.
Complete the following steps to obtain digital certificates:
1.
Select a CA server.
2.
Configure a profile for the CA:
Syntax: crypto ca profile <profile name>
3.
Select automatic enrollment:
Syntax: enrollment url http://<CA server's FQDN>/<filename>
4.
Exit to global configuration mode and download the CA certificate:
Syntax: crypto ca authenticate <profile name>
5.
Accept the certificate by pressing
6.
Generate a self certificate request:
Syntax: crypto ca enroll <profile name>
7.
Fill in the local router's information as prompted in the dialog box.
Virtual Private Networks
.
y
Quick Start
10-101