Table of Contents
Advertisement
Configuring Certificates Using the crypto pki CLI
Command
Step 5
subject-name CN=name
Step 6
exit
Step 7
crypto pki authenticate name
Step 8
quit
Step 9
crypto pki enroll name
Step 10
crypto pki import name certificate
Step 11
quit
Step 12
end
Step 13
copy running-config startup-config (Optional) Saves your entries in the configuration file.
The following example shows the manual configuration method:
maldives-ap#
maldives-ap#conf t
Enter configuration commands, one per line.
maldives-ap(config)#crypto pki trustpoint TFTP-CUT-PASTE
maldives-ap(ca-trustpoint)#enrollment terminal
maldives-ap(ca-trustpoint)#rsakeypair manual-keys 1024
maldives-ap(ca-trustpoint)#exit
!
maldives-ap#show run
...
crypto pki trustpoint TEST-TFTP
enrollment terminal
rsakeypair manual-keys 1024
!
After the trustpoint was defined for enrollment via the terminal, the CA certificate must
be imported:
maldives-ap(config)#crypto pki authenticate TFTP-CUT-PASTE
Enter the base 64 encoded CA certificate.
End with a blank line or the word "quit" on a line by itself
-----BEGIN CERTIFICATE-----
MIIC5zCCApGgAwIBAgIQdngf6fp6ZqdEX1QPnzgqiDANBgkqhkiG9w0BAQUFADB9
MQswCQYDVQQGEwJBVTEMMAoGA1UECBMDTlNXMQ8wDQYDVQQHEwZTeWRuZXkxFjAU
BgNVBAoTDUNpc2NvIFN5c3RlbXMxFDASBgNVBAsTC1dOQlUgU3lkbmV5MSEwHwYD
VQQDExh3bmJ1LXN5ZC1hY3MtYS5jaXNjby5jb20wHhcNMDUwNjE1MDQ1MzQ5WhcN
MDgwNjE1MDUwMzM0WjB9MQswCQYDVQQGEwJBVTEMMAoGA1UECBMDTlNXMQ8wDQYD
VQQHEwZTeWRuZXkxFjAUBgNVBAoTDUNpc2NvIFN5c3RlbXMxFDASBgNVBAsTC1dO
QlUgU3lkbmV5MSEwHwYDVQQDExh3bmJ1LXN5ZC1hY3MtYS5jaXNjby5jb20wXDAN
BgkqhkiG9w0BAQEFAANLADBIAkEAnDZq1u+RhYyC8uNdsuXDwOve1yEZvKJerrb6
XFVyJZV4jfSKSnZ2ZRNf3VX3NcRyQxKSszgCHMGcUyBnH350ZwIDAQABo4HsMIHp
MAsGA1UdDwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSB9hMkazhs
ebKHX3b9qw8VPilQRzCBlwYDVR0fBIGPMIGMMEOgQaA/hj1odHRwOi8vd25idS1z
eWQtYWNzLWEvQ2VydEVucm9sbC93bmJ1LXN5ZC1hY3MtYS5jaXNjby5jb20uY3Js
MEWgQ6BBhj9maWxlOi8vXFx3bmJ1LXN5ZC1hY3MtYVxDZXJ0RW5yb2xsXHduYnUt
Cisco 3200 Series Wireless MIC Software Configuration Guide
8
Purpose
Adds the subject name in the certificate. The name should be
same as the user name defined in the dot1x credentials name
command.
Returns to global configuration mode.
Enters the process of importing the certificate. The script
prompts you to enter (copy and paste) the CA certificate.
Exits the import CA certificate process.
Requests a router certificate from a CA. This step generates the
certificate request that should be copied on the CA server to
receive a router certificate.
Imports a router certificate.
Completes the router certificate import process.
Ends EXEC mode.
End with CNTL/Z.
Authentication Types
Hide quick links:
Advertisement
Table of Contents
