Generate Certificate Signing request for the host certificate
crypto pki enroll cube1
hostname(config)#crypto pki enroll cube1 % Start certificate enrollment .. % The subject name in the certificate will include: CN=cube1.voipee.com % The subject name in the certificate will include: cube1.voipee.com % Include the router serial number in the subject name? [yes/no]: no % Include an IP address in the subject name? [no]: Display Certificate Request to terminal? [yes/no]: yes Certificate Request follows:
Certificate signing request will be displayed on the terminal, Copy this and Send to Certificate Provider so that they can provide you SSL Certificate.
# Add the certificates for or CA Trust Point(s)
Root CA for CA Trustpoint, Intermediate for Intermediate trustpoint and host for host trustpoint
crypto pki authenticate <trustpoint>
# Import only the host certificate(not CA)
crypto pki import cube1.voipee.com certificate
PS: If this is imported successfully that means CA and Intermediate were able to authenticate the host certificate, if it is not successful that means something was missing in the chain.
## During troubleshooting I found out: We need to authenticate the intermediate cert first with the same trustpoint as CSR(from which CSR was generated) and then imported the host certificate(router cert) with the same trustpoint. There after authenticate Root _CA
Some show command:
show crypto pki trustpoints
show run | be crypto pki trustpoints
show sip-ua tcp tls detail
show crypto key mypubkey cube1key
# To Remove trustpoint
no crypto pki trustpoint cube1.voipee.com
// Import Keypair and Certificate
This is usually used when you do backup restore on another hardware.
# Export the key and certificate(host and intermediate(if any)) from the source device