Removing Key Pairs; Configuring Trustpoints - Cisco PIX 500 Series Configuration Manual


Chapter 39
Configuring Certificates
Key pair was generated at: 16:34:54 central Feb 10 2005
Step 3 Save the key pair you have generated. To do so, save the running configuration by entering the write memory command.
Removing Key Pairs
To remove key pairs, use the crypto key zeroize command in global configuration mode.
The following example removes RSA key pairs:
hostname(config)# crypto key zeroize rsa
WARNING: All RSA keys will be removed.
WARNING: All device certs issued using these keys will also be removed.
Do you really want to remove these keys? [yes/no] y
hostname(config)#
Configuring Trustpoints
For information about trustpoints, see the "About Trustpoints" section on page 39-3.
To configure a trustpoint, perform the following steps:
Step 1 Create a trustpoint corresponding to the CA from which the security appliance needs to receive its certificate.
hostname/contexta(config)# crypto ca trustpoint trustpoint
For example, to declare a trustpoint called Main:
hostname/contexta(config)# crypto ca trustpoint Main
hostname/contexta(config-ca-trustpoint)#
Upon entering this command, you enter the crypto ca trustpoint configuration mode.
Step 2 Specify the enrollment method to be used with this trustpoint.
To specify the enrollment method, do one of the following items:
To specify SCEP enrollment, use the enrollment url command to configure the URL to be used for SCEP enrollment with the trustpoint you declared. For example, if the security appliance requests certificates from trustpoint Main using the URL http://10.29.67.142:80/certsrv/mscep/mscep.dll, then the command would be as follows:
hostname/contexta(config-ca-trustpoint)# enrollment url http://10.29.67.142:80/certsrv/mscep/mscep.dll
To specify manual enrollment, use the enrollment terminal command to indicate that you will paste the certificate received from the CA into the terminal.
OL-12172-03
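As an added illustration (not part of the Cisco manual), the following Python script reviews a configuration listing against Steps 1 and 2 above: it lists each declared trustpoint with its enrollment method and CA endpoint, and reports trustpoints that were declared without any enrollment method. It assumes that sub-mode lines are indented under the trustpoint line in a saved configuration; the function names and the sample input are constructed for this example.

```python
import re
from urllib.parse import urlsplit

ANY_PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")
SUB_PROMPT = re.compile(r"^\S+\(config-ca-trustpoint\)#")
TRUSTPOINT = re.compile(r"^crypto ca trustpoint (\S+)$")
ENROLL = re.compile(r"^enrollment (?:(terminal)|url (\S+))$")

def audit_trustpoints(text):
    """Map each trustpoint name to its enrollment method and CA endpoint."""
    report, current = {}, None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped:
            continue
        # Sub-mode lines are indented in a saved config (assumption) or carry
        # the config-ca-trustpoint prompt in a pasted session.
        in_sub = raw[0].isspace() or bool(SUB_PROMPT.match(stripped))
        line = ANY_PROMPT.sub("", stripped)
        tp, enroll = TRUSTPOINT.match(line), ENROLL.match(line)
        if tp:
            current = tp.group(1)
            report[current] = {"method": None, "scheme": None, "ca_host": None}
        elif enroll and in_sub and current:
            if enroll.group(1):
                report[current]["method"] = "manual"
            else:
                url = urlsplit(enroll.group(2))
                report[current].update(
                    method="scep", scheme=url.scheme, ca_host=url.hostname)
        elif not in_sub:
            current = None  # any other top-level command ends the block
    return report

def missing_enrollment(report):
    """Trustpoints declared (Step 1) but left without a method (Step 2)."""
    return [name for name, tp in report.items() if tp["method"] is None]

# Constructed sample: a saved-config fragment followed by a pasted session.
SAMPLE = """\
crypto ca trustpoint Main
 enrollment url http://10.29.67.142:80/certsrv/mscep/mscep.dll
crypto ca trustpoint Unfinished
hostname/contexta(config)# crypto ca trustpoint Manual
hostname/contexta(config-ca-trustpoint)# enrollment terminal
"""

if __name__ == "__main__":
    result = audit_trustpoints(SAMPLE)
    print(result, "no enrollment method:", missing_enrollment(result))
```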
Cisco Security Appliance Command Line Configuration Guide
