Configuration Using Scep - Cisco C3201FESMIC-TP= - 3201 Fast EN Switch Mobile Interface Card Expansion Module Software Configuration Manual

Configuring Certificates Using the crypto pki CLI
The following example shows the TFTP configuration method:
maldives-ap#show run
...
crypto pki trustpoint TEST-TFTP
 enrollment url tftp://10.67.64.21/ndupreez/my-acs
 revocation-check crl
 rsakeypair 1024

Configuration Using SCEP

Configuration using Simple Certificate Enrollment Protocol (SCEP) is available when a Windows 2003
server is used as the CA server, and is a convenient way of importing CA and router certificates. Follow
these steps to use SCEP:
Step     Command                              Purpose
Step 1   configure terminal                   Enters global configuration mode.
Step 2   crypto pki trustpoint name           Specifies the name of the trustpoint.
Step 3   enrollment url http://address        Specifies the URL to be used for certificate enrollment.
Step 4   rsakeypair name 1024                 Specifies that a SCEP key will be generated with length 1024.
Step 5   subject-name CN=name                 Adds the subject name to the certificate. The name should be
                                              the same as the user name defined in the dot1x credentials
                                              name command.
Step 6   exit                                 Returns to global configuration mode.
Step 7   crypto pki authenticate name         Enters the process of importing the CA certificate.
Step 8   crypto pki enroll name               Requests a router certificate from a CA. This step generates
                                              the certificate request and puts it onto the TFTP server.
                                              This request should then be copied onto the CA server to
                                              receive the router certificate.
Step 9   end                                  Ends EXEC mode.
Step 10  copy running-config startup-config   (Optional) Saves your entries in the configuration file.

Tip
You can install the SCEP Add-on for Windows 2003 server from the following link:
http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=9f306763-d036-41d8-8860-1636411b2d01

It is recommended that you use Windows Server 2003 Enterprise Edition as the Windows operating
system when SCEP is selected to acquire a certificate under the Enterprise Certificate Server (CA) mode
for the Windows CA server that works with the Cisco ACS server. Windows Server 2003 Enterprise
Edition allows the modification of the CA server template. For use of SCEP with the Enterprise CA
server, you must modify the IPSec template (offline request) so that its enhanced key usage extension is
the same as that for the user template. Use certtmpl.msc to modify the template and certsrv.msc to
install the modified template.

The following example shows SCEP certificate enrollment:
maldives-ap#
maldives-ap#conf t

Cisco 3200 Series Wireless MIC Software Configuration Guide
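An added example, not part of the Cisco guide: a Python audit of crypto pki trustpoint blocks like the ones configured above, flagging TFTP/HTTP enrollment URLs, RSA key sizes under an assumed 2048-bit policy floor, and revocation-check none. The sample config is constructed (TEST-SCEP, scep-key and the 192.0.2.10 URL are placeholders), and the parser assumes the one-space indentation of real show run output.

```python
import re
from urllib.parse import urlparse

MIN_RSA_BITS = 2048  # assumption: local policy floor, not a value from the guide
# Constructed sample in the trustpoint syntax used on this page.
SAMPLE_CONFIG = """\
crypto pki trustpoint TEST-TFTP
 enrollment url tftp://10.67.64.21/ndupreez/my-acs
 revocation-check crl
 rsakeypair 1024
!
crypto pki trustpoint TEST-SCEP
 enrollment url http://192.0.2.10/certsrv/mscep/mscep.dll
 rsakeypair scep-key 1024
"""

def parse_trustpoints(config):  # trustpoint name -> indented sub-command lines
    trustpoints, current = {}, None
    for line in config.splitlines():
        header = re.match(r"crypto pki trustpoint (\S+)\s*$", line)
        if header:
            current = trustpoints.setdefault(header.group(1), [])
        elif current is not None and line.startswith(" ") and line.strip():
            current.append(line.strip())
        else:
            current = None  # an unindented or blank line ends the block
    return trustpoints

def audit_trustpoint(lines):
    findings = []
    for words in (line.split() for line in lines):
        if words[:2] == ["enrollment", "url"] and len(words) > 2:
            scheme = urlparse(words[2]).scheme.lower()
            if scheme in ("tftp", "http"):
                findings.append(f"enrollment over {scheme}: verify CA fingerprint out of band")
        elif words[0] == "rsakeypair":  # IOS syntax: rsakeypair key-label [key-size]
            size = int(words[2]) if len(words) > 2 and words[2].isdigit() else None
            if size is None:
                findings.append("rsakeypair sets a label but no key size")
            elif size < MIN_RSA_BITS:
                findings.append(f"RSA key size {size} is below {MIN_RSA_BITS}")
        elif words[0] == "revocation-check" and "none" in words[1:]:
            findings.append("revocation-check falls back to none")
    return findings

def audit_config(config):
    return {name: audit_trustpoint(body) for name, body in parse_trustpoints(config).items()}

if __name__ == "__main__":
    print(audit_config(SAMPLE_CONFIG))
```

In the TFTP trustpoint, rsakeypair 1024 is read as a key label with no size, which is why it is reported differently from rsakeypair scep-key 1024.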
Authentication Types
