cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
294
Views
5
Helpful
7
Replies
mel-ghazali
Beginner

Switch Certificate signing from Microsoft CA

Hello Dears

any one can tell me the procedures of signing switch certificate from Microsoft CA. as the configuration of this part is not clear in the configuration guides.

This is because I need to cover the vulnerabilities regarding the switch certificate.

 

7 REPLIES 7
Deepak Kumar
VIP Advocate

Hi,

Visit at below support form:

https://supportforums.cisco.com/t5/vpn/installing-ssl-certificate-s-on-ios/td-p/1527611

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

the command "Crypto ca trustpoint " is not valid

Use the command "crypto pki trustpoint XXX". If that is also not available, you need to change your IOS to one that supports crypto. These have an "k9"in the name.

I created a web certificate from the ca and then I issued crypto pki import TrustPointName from tftp, then creates the trustpoints. then I used this trustpoint in the http by " ip http secure-trustpoint TrustPointName "

Hello Guys,

 

I see these commands on my switches too, whats the purpose of issuing certificate on switches.

 

I never issue certificate to switch.

 

Thanks,

Lovejit

There are two typical use-cases for certificates on the switch:

  1. Device-management with the GUI.
  2. Web-Authentication for users entering the network.

If you don't have one of these use-cases, you typically don't need these certificates.

Hello Karsten,

 

I thing GUI management we can do through CCP as well, Do we need certificate for that too?

 

@Karsten Iwen So after deploying certificate and doing Web Authentication it will work only for Domain Users, or it will work for local users too?

 

@Deepak Kumar @Richard Burts

 

Thanks,
Lovejit