Crypto Ca Trustpoint - Cisco Nexus 7000 Series Command Reference Manual

C Commands

crypto ca trustpoint

To create a trustpoint certificate authority (CA) that the device should trust and enter trustpoint configuration
mode, use the crypto ca trustpoint command. To remove the trustpoint, use the no form of this command.
crypto ca trustpoint trustpoint-label
no crypto ca trustpoint trustpoint-label
Syntax Description
trustpoint-label
Command Default
None
Command Modes
Global configuration
Command History
Release
4.1(2)
Usage Guidelines
Trustpoints have the following characteristics:
• A trustpoint corresponds to a single CA, which a Cisco NX-OS device trusts for peer certificate
• A CA must be explicitly associated to a trustpoint using the crypto ca authenticate command.
• A Cisco NX-OS device can have many trustpoints and all applications on the device can trust a peer
• A trustpoint is not restricted to a specific application.
• The Cisco NX-OS device can optionally enroll with a trustpoint CA to get an indemnity certificate for
You do not need to designate one or more trustpoints to an application. Any application should be able to use
any certificate issued by any trustpoint as long as the certificate satisfies the application requirement.
You do not need more than one identity certificate from a trustpoint or more than one key pair associated to
a trustpoint. A CA certifies a given identity (name) only once and does not issue multiple certificates with the
same subject name. If you need more than one identity certificate for a CA, define another trustpoint for the
same CA, associate another key pair to it, and have it certified if the CA allows multiple certificates with the
same subject name.
verification for any application.
certificate issued by any of the trustpoint CAs.
itself.
Name of the trustpoint. The name is alphanumeric,
case sensitive, and has a maximum of 64 characters.
Modification
This command was introduced.
Cisco Nexus 7000 Series Security Command Reference
crypto ca trustpoint
137