Consolidated Platform Configuration Guide, Cisco Ios Release 15.2(4)E (Catalyst 2960-X Switches - Cisco Catalyst 2960 series Configuration Manual

Command or Action
Step 3
crypto ca trustpoint name
Example:
Device(config)# crypto ca trustpoint ka
Step 4 enrollment url url
Example:
Device(ca-profile-enroll)# enrollment url
http://entrust:81
Step 5
enrollment command
Example:
Device(ca-profile-enroll)# enrollment command
Step 6
exit
Example:
Device(ca-profile-enroll)# exit
Step 7 crypto pki trustpoint name
Example:
Device(config)# crypto pki trustpoint ka
Step 8 crl query ldap://url:[port]
Example:
Device(ca-trustpoint)# crl query
ldap://bar.cisco.com:3899
Step 9 enrollment {mode ra | retry count number | retry
period minutes | url url}
Example:
Device(ca-trustpoint)# enrollment retry period
2
Step 10 enrollment {mode ra | retry count number | retry
period minutes | url url}
Example:
Device(ca-trustpoint)# enrollment retry count
8
Step 11 revocation-check method1 [method2 method3]
Example:
Device(ca-trustpoint)# revocation-check crl
ocsp

Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)

How to Configure Certification Authority
Purpose
Declares the certification authority (CA) that your device
should use and enters the CA profile enroll configuration
mode.
Specifies the URL of the CA server to which enrollment
requests are sent.
Specifies the HTTP command that is sent to the CA for
enrollment.
Exit CA profile enroll configuration mode and returns to
global configuration mode.
Declares the trustpoint that your device should use and
enters Ca-trustpoint configuration mode.
Queries the certificate revocation list (CRL) to ensure that
the certificate of the peer is not revoked.
Specifies the enrollment wait period between certificate
request retries.
Specifies the number of times a device will resend a
certificate request when it does not receive a response from
the previous request.
Checks the revocation status of a certificate.
1149