Crypto Ca Enroll - Cisco Nexus 7000 Series Command Reference Manual

C Commands

crypto ca enroll

To request a certificate for the device RSA key pair created for this trustpoint CA, use the crypto ca enroll
command.
crypto ca enroll trustpoint-label
Syntax Description
trustpoint-label
Command Default
None
Command Modes
Global configuration
Command History
Release
4.1(2)
Usage Guidelines
A Cisco NX-OS device enrolls with the trustpoint CA to obtain an identity certificate. You can enroll your
device with multiple trustpoints and obtain a separate identity certificate from each trustpoint.
When enrolling with a trustpoint, you must specify an RSA key pair to certify. You must generate the key
pair and associate it to the trustpoint before generating the enrollment request.
Use the crypto ca enroll command to generate a request to obtain an identity certificate from each of your
trustpoints that correspond to authenticated CAs. The certificate signing request (CSR) generated is per the
Public-Key Cryptography Standards (PKCS) #10 standard and is displayed in the PEM format. You then cut
and paste the certificate and submit it to the corresponding CA through an e-mail or on the CA website. The
CA administrator issues the certificate and makes it available to you either through the website or by sending
it in an e-mail. You need to import the obtained identity certificate that corresponds to the trustpoint using
the crypto ca import trustpoint-label certificate command.
The device does not save the challenge password with the configuration. Record this password so that
Note
you can provide it if you need to revoke your certificate.
This command does not require a license.
Examples This example shows how to generate a certificate request for an authenticated CA:
switch# configure terminal
switch(config)# crypto ca enroll myCA
Name of the trustpoint. The maximum size is 64
characters.
Modification
This command was introduced.
Cisco Nexus 7000 Series Security Command Reference
crypto ca enroll
125