Table of Contents
Advertisement
Request certificate from CA? [yes/no]: yes
% Certificate request sent to Certificate Authority
% The certificate request fingerprint will be displayed.
% The 'show crypto ca certificate' command will also show the fingerprint.
router(config)# exit
router#show crypto ca certificates
CA Certificate
Status: Available
Certificate Serial Number: 1
Key Usage: Not Set
Certificate
Subject Name
Name: netscape.mcom.com
IP Address: 208.12.63.193
Serial Number: 08342063
Status: Pending
Key Usage: General Purpose
Fingerprint:
Testing Your Enrollment Setup
This section provides a procedure for testing your enrollment setup in the legacy
enrollment. If you want to do it through profiles, please read the instructions in
Chapter 10, "Certificate Profiles." To test whether your end users can successfully
enroll for a certificate using the authentication method you've set up:
Go to the end-entity interface for the enrollment authority you configured.
1.
The default URL is as follows:
https://<hostname>:<end_entity_HTTPS_port>
http://<hostname>:<end_entity_HTTP_port>
In the Enrollment tab, open the enrollment form you customized.
2.
Fill in all the values and submit the request.
3.
The client prompts you to enter the password for your key database.
4.
When you enter the correct password, the client generates the key pair.
5.
Do not interrupt the key-generation process. Upon completion of the key
generation, the request is submitted to the server for certificate issuance. The
server subjects the request to the currently configured policy rules and issues
the certificate only if the request passes all the policy rules.
91D70D7F D8BF0DFA E13F00B0 6EA706A0 00000000
Testing Your Enrollment Setup
or
Chapter 9
Authentication
425
Advertisement
Table of Contents
