crypto ca authenticate command

Cisco Freak · ‎06-08-2016

Hi All,

Can anyone please explain me the actual purpose of ' crypto ca authenticate' command. I have read that this to trust the CA certificate.

What would happen if we are not authenticating a trustpoint?

CF

Aditya Ganjoo · ‎06-08-2016

Hi,

This command allows you to install the CA certificate and if you do not use this command you would be missing the certificate chain on the device and would face certificate validation errors.

Regards,

Aditya

Please rate helpful posts and mark correct answers.

Cisco Freak · ‎06-09-2016

Hi Aditya,

Consider this situation: CA certficate -> Intermediate CA certificate -> Client Certificate.

In a situation like this, we are installing the Intermediate CA certificate with the 'cryptop ca authenticate' command right?

Do we have to install the CA certificate as well?

CF

Aditya Ganjoo · ‎06-09-2016

Yes we need to install all the three certificates and that's what we call as an entire certificate chain.

Regards,

Aditya

Please rate helpful posts and mark correct answers.

Dina Odeh · ‎06-13-2016

Hi,

I agree with Aditya. The Root CA certificate should be installed on a separate trust-point and the intermediate one should be installed on the Client certificate trust-point,

Cisco Freak · ‎06-13-2016

One more question.

If I have mapped device certificate and the intermediate certificate to the trustpoint1 and mapped root CA certificate to trustpoint2, do I have to do any other config to link trustpoint1 and trustpoint2 ?

CF

Dina Odeh · ‎06-13-2016

No, you don't need to do that.

Could you tell me what is this certificate used for ?

Cisco Freak · ‎06-13-2016

I am installing a certificate in an ASA which will act as the VPN FW.

Dina Odeh · ‎06-13-2016

Okay fine.

Apply please the trust-point that have the ASA and intermediate certificate on the outside interface not the root one.