Crypto Ca Enroll - Cisco MDS 9000 series Command Reference Manual

crypto ca enroll

Send documentation comments to mdsfeedback-doc@cisco.com
To request a certificate for the switch's RSA key pair created for this trust point CA, use the crypto ca
enroll command in configuration mode.
crypto ca enroll trustpoint-label
Syntax Description
trustpoint-label    Specifies the name of the trust point. The maximum size is 64 characters.
Defaults
None.
Command Modes
Configuration mode.
Command History
Release    Modification
3.0(1)     This command was introduced.
Usage Guidelines
An MDS switch can enroll with the trust point CA to get an identity in the form of a certificate. You can
enroll your switch with multiple trust points, thereby getting a separate identity certificate from each.
When enrolling with a trust point, you must specify an RSA key pair to be certified. This key pair must
be generated and associated with the trust point before generating the enrollment request. The association
between the trust point, key pair, and identity certificate remains valid until it is explicitly removed,
which must be done in this order only: delete the identity certificate first, then disassociate the key pair
and delete the CA certificates (these two in any order), and finally delete the trust point itself.
Use the crypto ca enroll command to generate a request to obtain an identity certificate from each of
your trust points corresponding to authenticated CAs. The generated certificate signing request (CSR)
follows the Public-Key Cryptography Standards (PKCS) #10 standard and is displayed in PEM format. Cut
and paste it and submit it to the corresponding CA through e-mail or the CA website. The CA
administrator issues the certificate and makes it available to you either through the website or by sending
it in e-mail. You need to import the obtained identity certificate to the corresponding trust point using
the crypto ca import trustpoint-label certificate command.
The challenge password is not saved with the configuration. This password is required in the event that
your certificate needs to be revoked, so you must remember this password.
Examples
The following example generates a certificate request for an authenticated CA.
switch# config t
switch(config)# crypto ca enroll myCA
Create the certificate request ..
Create a challenge password. You will need to verbally provide this
password to the CA Administrator in order to revoke your certificate.
For security reasons your password will not be saved in the configuration.
Please make a note of it.
Password:nbv123
Cisco MDS 9000 Family Command Reference, Chapter 4, C Commands
OL-8413-07, Cisco MDS SAN-OS Release 3.x
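Because the PEM request is copied by hand from the switch to the CA, it is worth checking the pasted text before submitting it. The script below is an added example, not part of the Cisco manual: it uses the OpenSSL command line to confirm that the request's self-signature verifies, that the RSA key meets a minimum size, and whether a challengePassword attribute is readable in the request. The function names, file paths, the 2048-bit threshold and the locally generated sample request (a stand-in for switch output) are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example: check a PKCS #10 request pasted from the switch before it
# goes to the CA. Function names, paths and sample values are constructed.

# Stand-in for switch output (assumption): a CSR carrying a challengePassword.
make_sample_csr() {   # $1 = output directory
    cat > "$1/req.cnf" <<'EOF'
[req]
prompt = no
distinguished_name = dn
attributes = attrs
[dn]
CN = switch.example.com
[attrs]
challengePassword = constructed-sample
EOF
    openssl req -new -newkey rsa:2048 -nodes -config "$1/req.cnf" \
        -keyout "$1/sample.key" -out "$1/switch.csr" 2>/dev/null
}

# check_csr FILE [MIN_BITS]: returns 0 only if the request parses, is signed
# by the key it carries, and that RSA key has at least MIN_BITS bits.
check_csr() {
    csr_file=$1; min_bits=${2:-2048}
    # The exit status of "req -verify" differs between OpenSSL releases,
    # so decide on the message it prints.
    out=$(openssl req -in "$csr_file" -noout -verify 2>&1) || true
    case $out in
        *"verify OK"*) echo "signature: OK" ;;
        *) echo "signature: FAILED"; return 1 ;;
    esac
    text=$(openssl req -in "$csr_file" -noout -text 2>/dev/null) || return 1
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    echo "key size: ${bits:-unknown} bit"
    [ "${bits:-0}" -ge "$min_bits" ] || { echo "key size below $min_bits bit"; return 1; }
    openssl req -in "$csr_file" -noout -subject
    # A challengePassword attribute is stored unencrypted in the request, so
    # anyone who can read the CSR text can read the revocation password.
    if printf '%s\n' "$text" | grep -q 'challengePassword'; then
        echo "challengePassword attribute: present, handle the CSR as sensitive"
    fi
}

tmp=$(mktemp -d)
make_sample_csr "$tmp" && check_csr "$tmp/switch.csr"
```

To check a real request, save the PEM text displayed by the switch to a file and pass that file to check_csr.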
