Verifying The Server And User Authentication Using Digital Certificates - Cisco Catalyst 2960 series Configuration Manual

Verifying the Server and User Authentication Using Digital Certificates

Command or Action
Step 5
ip ssh server certificate profile
Example:
Switch(config)# ip ssh server certificate
profile
Step 6
user
Example:
Switch(ssh-server-cert-profile)# user
Step 7 trustpoint verify PKI-trustpoint-name
Example:
Switch(ssh-server-cert-profile-user)#
trustpoint verify trust2
Step 8
ocsp-response required
Example:
Switch(ssh-server-cert-profile-user)#
ocsp-response required
Step 9
end
Example:
Switch(ssh-server-cert-profile-user)# end
Verifying the Server and User Authentication Using Digital Certificates
SUMMARY STEPS
1. enable
2. show ip ssh
DETAILED STEPS
Step 1
enable
Enables privileged EXEC mode.
• Enter your password if prompted.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1122
Purpose
Configures server certificate profile and user certificate profile and
enters SSH certificate profile configuration mode.
Configures user certificate profile and enters SSH server certificate
profile user configuration mode.
Configures the public key infrastructure (PKI) trustpoint that is used
to verify the incoming user certificate.
Configure multiple trustpoints by executing the same
Note
command multiple times. A maximum of 10 trustpoints can
be configured.
(Optional) Mandates the presence of the Online Certificate Status
Protocol (OCSP) response with the incoming user certificate.
By default, the user certificate is accepted without an OCSP
Note
response.
Exits SSH server certificate profile user configuration mode and
returns to privileged EXEC mode.