Table of Contents
Advertisement
Authentication Types
c3lkLWFjcy1hLmNpc2NvLmNvbS5jcmwwEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZI
hvcNAQEFBQADQQA7G8rL3ZHFfc3EdeklxMz72qdSnXg05uZZ51USuAMJKc1rGJUT
C0Bkre8+ov2xmZGVHC8xOpDk7bZzs/iinLnq
-----END CERTIFICATE-----
quit
Certificate has the following attributes:
Fingerprint: 45EC6866 A66B4D8F 2E05960F BC5C1B76
% Do you accept this certificate? [yes/no]: yes
Trustpoint CA certificate accepted.
% Certificate successfully imported
The next step is to generate the keys and an enrollment request (see below). Note that
although it is possible to explicitly generate the keys, it is not necessary as the
enrollment process will automatically generate (or re-generate if previously configured)
the required keys. This request must then be submitted to the Certificate Authority to
have it signed and a certificate issued.
maldives-ap(config)#crypto pki enroll TEST-CUT-PASTE
% Start certificate enrollment..
% The fully-qualified domain name in the certificate will be: maldives-ap.cisco.com
% The subject name in the certificate will be: maldives-ap.cisco.com
% Include the router serial number in the subject name? [yes/no]:yes
Jun 29 12:17:08.232: %CRYPTO-6-AUTOGEN: Generated new 1024 bit key pair
% The serial number in the certificate will be: 80AD5AD4
% Include an IP address in the subject name? [no]:
Display Certificate Request to terminal? [yes/no]: yes
Certificate Request follows:
MIIBmDCCAQECAQAwNzE1MA8GA1UEBRMIODBBRDVBRDQwIgYJKoZIhvcNAQkCFhVt
YWxkaXZlcy1hcC5jaXNjby5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
AOexwH9eW7n+3MEivmSHpBO3kqSdvZnf5dvOKyVoy8ZJpM2O6j0jfzOTD3IxHeQE
MUiEzWKybt2k/HQTuND+zVhbgWQd9J3JnCrvUMij48fV7MydyZYQ2eHDgQEN64d4
RBPFi51C+2xX1SzELJfGU2oxeQ6AsW/A/2S7GCycFW7rAgMBAAGgITAfBgkqhkiG
9w0BCQ4xEjAQMA4GA1UdDwEB/wQEAwIFoDANBgkqhkiG9w0BAQQFAAOBgQBoph/j
DHMh7U4yN0lYUS3OfpCtDl8e5QBp1MFYqMDP4aWeL/AdKVTNWBBElQh+M96uMyY2
/AEwFfsJsU1q6u3Kg4kJWht8F7a60OhQRfQ1CSiy18Z9vqA4KY15hbWhwj3JtuTA
kpqCzR30u+auN7WuS/PnVr+vnSCMt69P6wLHHw==
---End - This line not part of the certificate request---
Redisplay enrollment request? [yes/no]: no
maldives-ap(config)#
After the certificate (or multiple certificates if separate signature and encryption certs
are required) is issued by the CA, it must be imported into the device via:
maldives-ap(config)#crypto pki import ?
WORD
maldives-ap(config)#crypto pki import TEST-CUT-PASTE ?
certificate
pem
pkcs12
maldives-ap(config)#crypto pki import TEST-CUT-PASTE certificate
% The fully-qualified domain name in the certificate will be: maldives-ap.cisco.com
Enter the base 64 encoded certificate.
End with a blank line or the word "quit" on a line by itself
-----BEGIN CERTIFICATE-----
MIIERjCCA/CgAwIBAgIKHVHsoQAAAAAAJzANBgkqhkiG9w0BAQUFADB9MQswCQYD
VQQGEwJBVTEMMAoGA1UECBMDTlNXMQ8wDQYDVQQHEwZTeWRuZXkxFjAUBgNVBAoT
Trustpoint label to associate certificate or pkcs-12 file with
Import a certificate from a TFTP server or the terminal
Import from PEM files
Import from PKCS12 file
Configuring Certificates Using the crypto pki CLI
Cisco 3200 Series Wireless MIC Software Configuration Guide
9
Hide quick links:
Advertisement
Table of Contents
