Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1196
Views
5
Helpful
7
Replies

Switch Certificate signing from Microsoft CA

mel-ghazali
Level 1
Level 1

‎03-10-2018 11:33 PM - edited ‎03-08-2019 02:12 PM

Hello Dears

any one can tell me the procedures of signing switch certificate from Microsoft CA. as the configuration of this part is not clear in the configuration guides.

This is because I need to cover the vulnerabilities regarding the switch certificate.

 

Labels:
0 Helpful
7 Replies 7

Deepak Kumar
VIP Alumni
VIP Alumni

‎03-10-2018 11:41 PM

Hi,

Visit at below support form:

https://supportforums.cisco.com/t5/vpn/installing-ssl-certificate-s-on-ios/td-p/1527611

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

mel-ghazali
Level 1
Level 1
In response to Deepak Kumar

‎03-11-2018 12:55 AM

the command "Crypto ca trustpoint " is not valid

0 Helpful

Karsten Iwen
VIP
VIP
In response to mel-ghazali

‎03-11-2018 03:48 PM

Use the command "crypto pki trustpoint XXX". If that is also not available, you need to change your IOS to one that supports crypto. These have an "k9"in the name.

0 Helpful

mel-ghazali
Level 1
Level 1
In response to Karsten Iwen

‎03-22-2018 07:03 AM

I created a web certificate from the ca and then I issued crypto pki import TrustPointName from tftp, then creates the trustpoints. then I used this trustpoint in the http by " ip http secure-trustpoint TrustPointName "

0 Helpful

ITexpert
Level 3
Level 3
In response to mel-ghazali

‎03-22-2018 09:20 AM

Hello Guys,

 

I see these commands on my switches too, whats the purpose of issuing certificate on switches.

 

I never issue certificate to switch.

 

Thanks,

Lovejit

0 Helpful

Karsten Iwen
VIP
VIP
In response to ITexpert

‎03-22-2018 09:42 AM

There are two typical use-cases for certificates on the switch:

  1. Device-management with the GUI.
  2. Web-Authentication for users entering the network.

If you don't have one of these use-cases, you typically don't need these certificates.

ITexpert
Level 3
Level 3
In response to Karsten Iwen

‎03-22-2018 10:28 AM

Hello Karsten,

 

I thing GUI management we can do through CCP as well, Do we need certificate for that too?

 

@Karsten Iwen So after deploying certificate and doing Web Authentication it will work only for Domain Users, or it will work for local users too?

 

@Deepak Kumar @Richard Burts

 

Thanks,
Lovejit

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card