https://community.cisco.com/t5/network-security/crypto-ca-authenticate-command/m-p/2894482#M153186 <P>Okay fine.&nbsp;</P> <P></P> <P>Apply please the trust-point that have the ASA and intermediate certificate on the outside interface not the root one.&nbsp;</P> Mon, 13 Jun 2016 18:06:23 GMT Dina Odeh 2016-06-13T18:06:23Z https://community.cisco.com/t5/network-security/crypto-ca-authenticate-command/m-p/2894474#M153172 <P>Hi All,</P> <P></P> <P>Can anyone please explain me the actual purpose of '&nbsp;crypto ca &nbsp;authenticate' command. I have read that this to trust the CA certificate.</P> <P></P> <P>What would happen if we are not authenticating a trustpoint?</P> <P></P> <P>CF</P> Tue, 12 Mar 2019 07:51:55 GMT https://community.cisco.com/t5/network-security/crypto-ca-authenticate-command/m-p/2894474#M153172 Cisco Freak 2019-03-12T07:51:55Z https://community.cisco.com/t5/network-security/crypto-ca-authenticate-command/m-p/2894475#M153174 <P>Hi,</P> <P></P> <P>This command allows you to install the CA certificate and if you do not use this command you would be missing the certificate chain on the device and would face certificate validation errors.</P> <P></P> <P>Regards,</P> <P></P> <P>Aditya</P> <P></P> <P>Please rate helpful posts and mark correct answers.</P> Wed, 08 Jun 2016 23:48:57 GMT https://community.cisco.com/t5/network-security/crypto-ca-authenticate-command/m-p/2894475#M153174 Aditya Ganjoo 2016-06-08T23:48:57Z https://community.cisco.com/t5/network-security/crypto-ca-authenticate-command/m-p/2894476#M153176 <P>Hi Aditya,</P> <P>Consider this situation: CA certficate -&gt; Intermediate CA certificate -&gt; Client Certificate.</P> <P>In a situation like this, we are installing the Intermediate CA certificate with the 'cryptop ca authenticate' command right?</P> <P>Do we have to install the CA certificate as well?</P> <P></P> <P>CF</P> <P></P> Thu, 09 Jun 2016 19:31:00 GMT https://community.cisco.com/t5/network-security/crypto-ca-authenticate-command/m-p/2894476#M153176 Cisco Freak 2016-06-09T19:31:00Z https://community.cisco.com/t5/network-security/crypto-ca-authenticate-command/m-p/2894477#M153178 <P>Yes we need to install all the three certificates and that's what we call as an entire certificate chain.</P> <P></P> <P>Regards,</P> <P></P> <P>Aditya</P> <P></P> <P>Please rate helpful posts and mark correct answers.</P> Thu, 09 Jun 2016 23:52:16 GMT https://community.cisco.com/t5/network-security/crypto-ca-authenticate-command/m-p/2894477#M153178 Aditya Ganjoo 2016-06-09T23:52:16Z https://community.cisco.com/t5/network-security/crypto-ca-authenticate-command/m-p/2894478#M153180 <P>Hi,&nbsp;</P> <P></P> <P>I agree with Aditya. The Root CA certificate should be installed on a separate trust-point and the intermediate one should be installed on the Client certificate trust-point,&nbsp;</P> Mon, 13 Jun 2016 08:37:17 GMT https://community.cisco.com/t5/network-security/crypto-ca-authenticate-command/m-p/2894478#M153180 Dina Odeh 2016-06-13T08:37:17Z https://community.cisco.com/t5/network-security/crypto-ca-authenticate-command/m-p/2894479#M153183 <P>One more question.</P> <P>&nbsp;If I have mapped device certificate and the intermediate certificate to the trustpoint1 and mapped root CA certificate to&nbsp;<SPAN>trustpoint2, do I have to do any other config to link trustpoint1 and trustpoint2 ?</SPAN></P> <P></P> <P>CF</P> Mon, 13 Jun 2016 16:03:02 GMT https://community.cisco.com/t5/network-security/crypto-ca-authenticate-command/m-p/2894479#M153183 Cisco Freak 2016-06-13T16:03:02Z https://community.cisco.com/t5/network-security/crypto-ca-authenticate-command/m-p/2894480#M153184 <P>No, you don't need to do that.&nbsp;</P> <P></P> <P>Could you tell me what is this certificate used for ?&nbsp;</P> Mon, 13 Jun 2016 16:05:00 GMT https://community.cisco.com/t5/network-security/crypto-ca-authenticate-command/m-p/2894480#M153184 Dina Odeh 2016-06-13T16:05:00Z https://community.cisco.com/t5/network-security/crypto-ca-authenticate-command/m-p/2894481#M153185 <P>I am installing a certificate in an ASA which will act as the VPN FW.</P> <P></P> Mon, 13 Jun 2016 16:49:51 GMT https://community.cisco.com/t5/network-security/crypto-ca-authenticate-command/m-p/2894481#M153185 Cisco Freak 2016-06-13T16:49:51Z https://community.cisco.com/t5/network-security/crypto-ca-authenticate-command/m-p/2894482#M153186 <P>Okay fine.&nbsp;</P> <P></P> <P>Apply please the trust-point that have the ASA and intermediate certificate on the outside interface not the root one.&nbsp;</P> Mon, 13 Jun 2016 18:06:23 GMT https://community.cisco.com/t5/network-security/crypto-ca-authenticate-command/m-p/2894482#M153186 Dina Odeh 2016-06-13T18:06:23Z