08-01-2022 10:15 AM
Good Morning/Afternoon,
We have a security requirement to use CA enrollment in our environment that was recently announced. On several devices i will be using terminal/cut and paste because these devices cannot use SCEP for re-enrollment.
I'am able to create trustpoints and generate a CSR to send to our team which handles the CA. They are then able to send me back a .cer with the FQDN.
Within this, i can export the root and intermediate certificate to a base 64 text file which IOS XE will accept for certificate enrollment.
I have some confusion on two commands:
crypto pki authenticate <trustpointname>
and
crypto pki import <trustpointname>
Should i be using the authenticate command for the CA and int-CA certificates, and then the import for the device certificate?
I have been unable to get windows to allow me to export the device certificate to a base 64 file for terminal copy/paste.
Thank you for your assistance.
08-01-2022 01:48 PM
https://www.ciscopress.com/articles/article.asp?p=1684781
follow these steps
08-01-2022 09:42 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide