crypto ca identity
crypto ca identity name
no crypto ca identity name
name Creates a name for the CA. (If you previously declared the CA and just want to update its characteristics, specify the name you previously created.) The CA might require a particular name, such as its domain name.
To declare the certification authority that your router should use, use the crypto ca identity command in global configuration mode. To delete all identity information and certificates associated with the CA, use the no form of this command.
The following example declares a CA and identifies characteristics of the CA. In this example, the name "myca" is created for the CA, which is located at http://ca_server. The CA does not use an RA or LDAP, and the CA's scripts are stored in the default location. This is the minimum possible configuration required to declare a CA.
Router(config)# crypto ca identity myca
 enrollment url http://ca_server
The following example declares a CA when the CA uses an RA. The CA's scripts are stored in the default location, and the CA uses the SCEP instead of LDAP. This is the minimum possible configuration required to declare a CA that uses an RA.
Router(config)# crypto ca identity myca_with_ra
 enrollment url http://ca_server
 enrollment mode ra
 query url ldap://serverx
The following example declares a CA that uses an RA and a nonstandard cgi-bin script location. This example also specifies a nonstandard retry period and retry count, and permits the router to accept certificates when CRLs are not obtainable.
Router(config)# crypto ca identity myca_with_ra
 enrollment url http://example_ca/cgi-bin/somewhere/scripts.exe
 enrollment mode ra
 query url ldap://serverx
 enrollment retry-period 20
 enrollment retry-count 100
 crl optional
In the previous example, if the router does not receive a certificate back from the CA within 20 minutes of sending a certificate request, the router will resend the certificate request. The router will keep sending a certificate request every 20 minutes until a certificate is received or until 100 requests have been sent.
If the CA cgi-bin script location is not /cgi-bin/pkiclient.exe at the CA (the default CA cgi-bin script location), you also need to include the nonstandard script location in the URL, in the form http://CA_name/script_location, where script_location is the full path to the CA scripts.
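An added example, not part of the original command reference: a Python sketch for reviewing saved configuration text. It parses each crypto ca identity block and reports the effective CA script location, whether crl optional is set, and the time between the first and last enrollment request as the text above describes it. The function names, field names and sample text are constructed for illustration.

```python
from urllib.parse import urlparse

DEFAULT_SCRIPT = "/cgi-bin/pkiclient.exe"  # default CA script location per this page

# Constructed input: the page's first and third examples, one subcommand per line.
SAMPLE_CONFIG = """\
crypto ca identity myca
 enrollment url http://ca_server
!
crypto ca identity myca_with_ra
 enrollment url http://example_ca/cgi-bin/somewhere/scripts.exe
 enrollment mode ra
 query url ldap://serverx
 enrollment retry-period 20
 enrollment retry-count 100
 crl optional
"""

# Two-word subcommands that take one argument, mapped to hypothetical field names.
KEYS = {("enrollment", "url"): "url", ("query", "url"): "ldap",
        ("enrollment", "retry-period"): "period", ("enrollment", "retry-count"): "count"}

def parse_identities(config):
    """Return {ca_name: settings} for each 'crypto ca identity' block."""
    found, cur = {}, None
    for raw in config.splitlines():
        words = raw.split()
        if words[:3] == ["crypto", "ca", "identity"] and len(words) == 4:
            cur = found.setdefault(words[3], {"url": None, "ldap": None, "period": None,
                                              "count": None, "ra": False, "crl_optional": False})
        elif not raw.startswith(" "):
            cur = None                       # any unindented line ends the block
        elif cur is not None:
            if words == ["crl", "optional"]:
                cur["crl_optional"] = True
            elif words == ["enrollment", "mode", "ra"]:
                cur["ra"] = True
            elif len(words) == 3 and tuple(words[:2]) in KEYS:
                field = KEYS[tuple(words[:2])]
                cur[field] = int(words[2]) if field in ("period", "count") else words[2]
    return found

def summarize(name, s):
    """Review summary for one CA: script path, RA use, revocation behaviour, retry span."""
    path = urlparse(s["url"]).path if s["url"] else ""
    out = {"name": name, "script": path or DEFAULT_SCRIPT, "uses_ra": s["ra"],
           "accepts_without_crl": s["crl_optional"], "retry_span_minutes": None}
    if s["period"] and s["count"]:
        # Page: one request every `period` minutes until `count` requests were sent,
        # so the last request leaves (count - 1) * period minutes after the first.
        out["retry_span_minutes"] = (s["count"] - 1) * s["period"]
    return out
```

An identity reported with accepts_without_crl set to True is one where the router accepts certificates when no CRL can be obtained, so revocation is not enforced for that CA while its CRL source is unreachable.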
crypto ca enroll
Systems, Inc. 2001, 2002, 2003
World Wide Education