Cisco MDS 9000 Series Configuration Manual page 143

Security

Configuring Certificate Authorities and Digital Certificates
Note
You must authenticate the CA before configuring certificate revocation checking.
To configure certificate revocation checking methods, follow these steps:
Procedure
Step 1
switch(config)# crypto ca trustpoint admin-ca
switch(config-trustpoint)#
Declares a trust point CA that the switch should trust and enters trust point configuration submode.
Step 2
switch(config-trustpoint)# revocation-check crl
Specifies CRL (default) as the revocation checking method to be employed during verification of peer
certificates issued by the same CA as that of this trust point.
Step 3
switch(config-trustpoint)# revocation-check none
Does not check for revoked certificates.
Step 4
switch(config-trustpoint)# no revocation-check
Reverts to default method.
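An added example, not from the Cisco guide: a Python check that reads configuration text and reports trust points left at revocation-check none, treating an absent or negated setting as the CRL default described in Steps 2 and 4. The sample configuration, every trust point name other than admin-ca, and the assumption that submode commands appear indented under their trust point line are constructed for illustration.

```python
import re

DEFAULT_METHOD = "crl"  # Step 2 above: CRL is the default method
TRUSTPOINT_RE = re.compile(r"^crypto ca trustpoint (\S+)\s*$")

# Constructed sample configuration (assumed layout: submode lines indented).
SAMPLE_CONFIG = """\
hostname Vegas-1
crypto ca trustpoint admin-ca
  revocation-check crl
crypto ca trustpoint lab-ca
  revocation-check none
crypto ca trustpoint backup-ca
  revocation-check none
  no revocation-check
crypto ca trustpoint plain-ca
"""


def effective_revocation_methods(config_text):
    """Return {trustpoint: method} after applying the commands in order."""
    methods, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = TRUSTPOINT_RE.match(line)
        if m:
            current = m.group(1)
            methods.setdefault(current, DEFAULT_METHOD)  # nothing set yet
        elif line and not raw[0].isspace():
            current = None  # any other top-level command leaves the submode
        elif current is not None:
            if line == "no revocation-check":
                methods[current] = DEFAULT_METHOD  # Step 4: revert to default
            elif line.startswith("revocation-check "):
                methods[current] = line.split(None, 1)[1]
    return methods


def unchecked_trustpoints(config_text):
    """Trust points whose peer certificates get no revocation check."""
    methods = effective_revocation_methods(config_text)
    return sorted(name for name, method in methods.items() if method == "none")


if __name__ == "__main__":
    for name in unchecked_trustpoints(SAMPLE_CONFIG):
        print(f"trustpoint {name}: revocation-check none")
```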
Generating Certificate Requests
You must generate a request to obtain identity certificates from the associated trust point CA for each of your
switch's RSA key-pairs. You must then cut and paste the displayed request into an e-mail message or a
website form for the CA.
To generate a request for signed certificates from the CA, follow these steps:
Procedure
Step 1
switch# configure terminal
switch(config)#
Enters configuration mode.
Step 2
switch(config)# crypto ca enroll admin-ca
Create the certificate request..
Create a challenge password. You will need to verbally provide this
password to the CA Administrator in order to revoke your certificate.
For security reasons your password will not be saved in the configuration.
Please make a note of it.
Password: nbv123
The subject name in the certificate will be: Vegas-1.cisco.com
Include the switch serial number in the subject name? [yes/no]: no
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x