Need help to configure CA Signed Certificate on Cisco 2960X

vinod.tiwari16 · ‎08-03-2017

Hello,

I have multiple Cisco 2960X Switches and i want to configure CA Signed SSL Certificate on Switch but unable to configure the same..

Please help to get this configure..

Thank You

Georg Pauwen · ‎08-03-2017

Hello,

can you be more specific about where you get stuck ? Have you configured a CA Trustpoint ?

Post the config you have so far...

Also, refer to this document:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-0_2_EX/security/configuration_guide/b_sec_152ex_2960-x_cg/b_sec_152ex_2960-x_cg_chapter_01010.html#d72206e292a1635

vinod.tiwari16 · ‎08-04-2017

crypto pki trustpoint abc-xyz
enrollment terminal pem
usage ssl-server
ip-address none
subject-name CN=abc-xyz D=xx C=xx S=xxxx
revocation-check crl
eckeypair xx2017
hash sha256

When i am exporting this to get signed by CA then i am getting below error:

Abc(config)#crypto pki export abc-xyz pem terminal
% The specified trustpoint is not authenticated (abc-xyz).
Abc(config)#

Georg Pauwen · ‎08-04-2017

Sorry for asking stupid questions, but did you authenticate with 'crypto pki authenticate' ?

vinod.tiwari16 · ‎08-04-2017

Tried to Authenticate but it was asking for CA Server..

That was not getting connected.

Abc(config)#crypto pki authenticate abc-xyz

Enter the base 64 encoded CA certificate.
End with a blank line or the word "quit" on a line by itself

% Error processing Certificate Authority certificate.
Abc(config)#

Rob Ingram · ‎08-04-2017

So when you enter the command crypto pki authenticate you will need to paste the contents of the Root CA certificiate, this is the CA that is signing the certificate of the switch.