cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
425
Views
0
Helpful
2
Replies

Terminal CA PKI Enrollment

jbulloch
Level 1
Level 1

Good Morning/Afternoon,

We have a security requirement to use CA enrollment in our environment that was recently announced. On several devices i will be using terminal/cut and paste because these devices cannot use SCEP for re-enrollment.

I'am able to create trustpoints and generate a CSR to send to our team which handles the CA. They are then able to send me back a .cer with the FQDN.

Within this, i can export the root and intermediate  certificate to a base 64 text file which IOS XE will accept for certificate enrollment.

I have some confusion on two commands:

 

crypto pki authenticate <trustpointname>

and 

crypto pki import <trustpointname>

 

Should i be using the authenticate command for the CA and int-CA certificates, and then the import for the device certificate?

 

I have been unable to get windows to allow me to export the device certificate to  a base 64 file for terminal copy/paste.

 

Thank you for your assistance.

 

2 Replies 2
Review Cisco Networking for a $25 gift card