Appendix C. Enrolling a Certificate in a Cisco Router
IOS version
Not all versions of IOS have the relevant 'crypto' features. You must install a firmware image with the
"Certification Authority Interoperability" feature.
SCEP support for CS was tested on a Cisco 2611 router running the following version of IOS:
IOS (tm) C2600 Software (C2600-JK9S-M), Version 12.2(40), RELEASE SOFTWARE (fc1)
C.1. Preparation
Your router must be configured with an IP address, DNS server, and routing information. The router's
date/time must be correct. The router's hostname and DNS name must also be configured. See
"Cisco Router Configuration" for how to accomplish all this.
C.2. Configuration
The router's hostname is scep. Log into the router's console. You'll see the following prompt:
scep>
Now run the following commands in sequence:
Enable Privileged Commands:
scep> enable
Enter Configuration Mode:
scep# conf t
Set up a CA identity:
scep(config)# crypto ca identity CA
scep(ca-identity)# enrollment url http://water.sfbay.redhat.com:9080/ca/cgi-bin
scep(ca-identity)# crl optional
scep(ca-identity)# exit
Get the CA's certificate:
scep(config)# crypto ca authenticate CA
Certificate has the following attributes:
Fingerprint: 145E3825 31998BA7 F001EA9A B4001F57
% Do you accept this certificate? [yes/no]: yes
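A check to run before answering yes at the prompt above, as an added example that is not part of the original manual: it computes the fingerprint of a CA certificate copy obtained out of band and compares it with the value the router prints. It assumes the 32-hex-digit value IOS displays is the MD5 digest of the DER-encoded certificate; the function names and the file name ca.pem are hypothetical.

```python
import base64
import hashlib
import hmac
import re
import sys

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def to_der(data: bytes) -> bytes:
    """Return DER bytes from a PEM- or DER-encoded certificate."""
    m = PEM_RE.search(data)
    if m is None:
        return data  # no PEM armor: treat the input as raw DER
    return base64.b64decode(b"".join(m.group(1).split()), validate=True)


def normalize(fp: str) -> str:
    """Strip spaces and colons from a fingerprint and upper-case it."""
    hexstr = re.sub(r"[\s:]", "", fp).upper()
    if not re.fullmatch(r"[0-9A-F]{32}", hexstr):
        raise ValueError("expected 32 hex digits (a 16-byte digest)")
    return hexstr


def cisco_fingerprint(cert: bytes) -> str:
    """MD5 over the DER certificate, as four groups of eight hex digits.

    Assumption: this is how IOS derives the value it prints.
    """
    h = hashlib.md5(to_der(cert)).hexdigest().upper()
    return " ".join(h[i:i + 8] for i in range(0, 32, 8))


def matches(cert: bytes, console_fp: str) -> bool:
    """True if the certificate's fingerprint equals the one from the console."""
    return hmac.compare_digest(normalize(cisco_fingerprint(cert)),
                               normalize(console_fp))


if __name__ == "__main__":
    # usage: python check_fp.py ca.pem "145E3825 31998BA7 F001EA9A B4001F57"
    with open(sys.argv[1], "rb") as f:
        cert_bytes = f.read()
    print("computed:", cisco_fingerprint(cert_bytes))
    ok = matches(cert_bytes, sys.argv[2])
    print("MATCH" if ok else "MISMATCH: do not accept the certificate")
    sys.exit(0 if ok else 1)
```

The certificate file must come from the CA over a channel other than the enrollment URL, otherwise the comparison only confirms what the router already fetched.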