
Generate CSR-install certificate (cisco router)

chawkideeb
Level 1

Dears,

I need to generate a CSR from a Cisco router.

Once done, retrieve this CSR from the router and give it to a company to sign it. Once signed, install the new certificate on the router.

Kindly, if you can provide me a detailed step-by-step on how to do it (based on a CLI example).

Do I need a name of a domain? Etc...

Thank you.

 

6 Replies

Hi,

This post covers how to generate a CSR on a Cisco router using SCEP or manually using terminal.


HTH

Dear,

Thank you for the above, but in my case we don't have a Windows CA server and we are not responsible for signing the CSR.

All that I want is the exact CLI command steps on the router to generate the CSR (then we will give the CSR to the client to sign it). Once signed, we need the exact command-line steps to install the (Entrust) certificate on the router.

Thank you

That's fine, just ignore the section about signing the certificate - all the commands are there. Here is a breakdown of the commands:

Ensure the trustpoint is configured to use enrollment terminal:

crypto pki trustpoint <TRUSTPOINT_NAME>
 enrollment terminal

Acquire the root certificate, then copy and paste the contents of the root certificate into the console session:

crypto pki authenticate <TRUSTPOINT_NAME>

Enroll the certificate to generate the CSR:

crypto pki enroll <TRUSTPOINT_NAME>

Copy the contents of the CSR and save to a file, e.g. routerreq.csr

Send the certificate off to the CA to get signed

Once signed, open the signed certificate filename.cer in Notepad and copy the contents

On the router, run the command crypto pki import <TRUSTPOINT_NAME> certificate


HTH

Hi,

Thank you for the below.

I already did a summary step by step.

 

Kindly confirm the attached document.

 

You'll want to change the fqdn and subject-name to be more relevant to your company.

The trustpoint name <TRUSTPOINT_NAME> would need to match the real name of whatever you define the trustpoint as. In your doc you re-used the example from the link I provided, which was LAB_PKI. So whenever you see <TRUSTPOINT_NAME>, replace it with LAB_PKI or whatever you plan on calling it.

 

HTH
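
The steps from the replies above, gathered into one console session as an added example (not part of the original posts). LAB_PKI is the trustpoint name used in the thread; the key label, FQDN and subject-name values are placeholders, and the key-generation and rsakeypair lines are an assumption about how the key pair is created, which the thread does not cover.

```cisco
! Added example. Placeholders: LAB_PKI_KEY, router1.example.com and the
! subject-name fields. Replace them with values that fit your company.
configure terminal
!
! 1. Create a dedicated RSA key pair for this certificate (assumed step).
!    The private key never leaves the router; only the CSR is sent out.
crypto key generate rsa general-keys label LAB_PKI_KEY modulus 2048
!
! 2. Define the trustpoint for manual (copy/paste) enrollment.
!    "pem" makes the router print the CSR with PEM header and footer lines.
crypto pki trustpoint LAB_PKI
 enrollment terminal pem
 fqdn router1.example.com
 subject-name CN=router1.example.com,O=Example Corp,C=US
 rsakeypair LAB_PKI_KEY
 exit
!
! 3. Install the CA certificate. Paste the PEM text, then a line with "quit".
!    The router shows the certificate fingerprint and asks whether to accept
!    it: compare it with the fingerprint published by the CA before answering yes.
crypto pki authenticate LAB_PKI
!
! 4. Generate the CSR. Answer the prompts, choose to display the request on
!    the terminal, then copy the printed request into a file such as
!    routerreq.csr and send it to the signer.
crypto pki enroll LAB_PKI
!
! 5. When the signed certificate comes back, paste its contents, then "quit".
!    The import only succeeds if the certificate matches the key pair and
!    was issued by the CA authenticated in step 3.
crypto pki import LAB_PKI certificate
end
!
! 6. Confirm the router certificate and CA certificate are both present,
!    and check the subject, issuer and validity dates.
show crypto pki certificates LAB_PKI
```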

Hi,

 

Sure, sure.

I just put an example that I will follow step by step. Regarding the naming, I will change it.

Thank you.