Auto-enrolment for Digital Certificate from CA Server

sanjaykt
Level 1

Hi

I am using digital certificates for IPSec tunnels between 2 routers using Microsoft CA server.

Can someone advise me how to configure the auto-enrolment feature with Cisco routers? The certificate enrolment request gets rejected by the CA, as the password/private key doesn't match with the CA server.

Thanks in advance.

4 Replies

Hi

I have successfully configured 2 routers using digital certificates; I don't have any problem with that part of the config. I am struggling to understand how, in future, a router can renew a certificate from the MS CA server without any manual intervention (I know the CA admin will have to issue the certificate) with the auto-enrol function. The sample config shown below also talks about a password; now, is this the password used while enrolling for the certificate?

3640(config)#crypto ca trustpoint SJPKI

3640(ca-trustpoint)#auto-enroll

3640(ca-trustpoint)#password revokeme

What will happen when the certificate on the remote router expires? With the auto-enrol command, the router will try to enrol for a new certificate. Now, as per my understanding, when you enrol you have to provide a password... I am confused about how it will work.

regards

thanks

Hmm...I am not too sure about this either.

AFAIK, the password is only for certificate revocation.

Also, in the MS CA Server, there is an "Auto-enroll" option, which is disabled by default. So perhaps you can try changing this and share your experience.

Thanks,

~preetham

Hi

Where exactly in the CA server is there an auto-enrol option? I couldn't locate it anywhere.

thanks