Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1791
Views
0
Helpful
4
Replies

Configure CA Server - Nexus 9k

Go to solution
Willnetwork
Level 1
Level 1

‎05-26-2021 12:54 PM

Is it possible to configure my Nexus 9k to be a CA server? If so, please provide configuration guide link/URL.

 

Thank you!

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Willnetwork

‎05-27-2021 02:06 AM

Lets discuss facts here, Most of DC envronment have CA/ PKI full infrastructure availble, most time this is good to in Lab environment to be deployed as testing.

 

But personally i do not suggested in production environment Switch ACT CA/PKI Server, rather i get simple Pi or any Linux box act as PKI Server

 

or if you have ISE can do the job most of the cisco environment.

 

yes - i provided the information so you understand correctly before we put in  live environment.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Willnetwork
Level 1
Level 1
In response to balaji.bandi

‎05-26-2021 03:13 PM

balaji,

 

Thank you for the quick reply!

 

After reading the documentation you posted, it looks like the NX-OS doesn't support the ability to configure the Nexus 9k as a CA Server. The documentation you provided explains how to configure trusted CAs but the ability to configure the Nexus 9k as an actual CA server that would allow me to issue/sign certificates.

 

Do you agree?

 

v/r

Willnetwork 

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to Willnetwork

‎05-27-2021 02:06 AM

Lets discuss facts here, Most of DC envronment have CA/ PKI full infrastructure availble, most time this is good to in Lab environment to be deployed as testing.

 

But personally i do not suggested in production environment Switch ACT CA/PKI Server, rather i get simple Pi or any Linux box act as PKI Server

 

or if you have ISE can do the job most of the cisco environment.

 

yes - i provided the information so you understand correctly before we put in  live environment.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Willnetwork
Level 1
Level 1
In response to balaji.bandi

‎05-27-2021 04:55 AM

Balaji,

 

Again, thank you for your reply!

Our SysAdmin will deploy a CA/PKI server on a Windows 2019 server (within our server farm) and it will server as our long-term PKI solution for the infrastructure.

I was hoping to configure my Nexus 9k L3 switches as a CA/PKI server only as a temporary solution for testing purposes, but unfortunately this doesn't seem possible.

Again, thank you for all the useful information and replies.  

 

v/r

Willnetwork

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card