How to Configure Certification Authority
To specify that certificates and CRLs should not be stored locally on your device, but should be retrieved
when required, enable query mode by using the following command in global configuration mode:
Query mode may affect availability if the CA is down.
Note
SUMMARY STEPS
1. crypto ca certificate query
DETAILED STEPS
Command or Action
Step 1
crypto ca certificate query
Example:
Device(config)# crypto ca certificate query
Configuring the Device Host Name and IP Domain Name
You must configure the host name and IP domain name of a device if this has not already been done. This is
required because the device assigns a fully qualified domain name (FQDN) to the keys and certificates used
by IPsec, and the FQDN is based on the host name and IP domain name assigned to the device. For example,
a certificate named "device20.example.com" is based on a device host name of "device20" and a device IP
domain name of "example.com".
SUMMARY STEPS
1. enable
2. configure terminal
3. hostname name
4. ip domain-name name
5. end
DETAILED STEPS
Command or Action
Step 1
enable
Example:
Device> enable
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1146
Purpose
Enables query mode, which causes certificates and CRLs
not to be stored locally.
Purpose
Enables privileged EXEC mode.
• Enter your password if prompted.