08-26-2019 07:52 AM
Hello,
We recently upgraded IOS to 16.9.3 on Routers (ISR 4431) and Switches (3850), and I have noticed a new certificate has been installed.
crypto pki trustpoint SLA-TrustPoint
 enrollment pkcs12
 revocation-check crl
I have searched the net but I can't seem to find any information about what it is used for.
I would like to delete it from our config, but I wanted to make sure it wasn't necessary to have it on the running config.
Thanks,
raman
08-26-2019 08:06 AM
Hi,
Have a look at this link. If you don't have any CA trustpoint, you don't need it.
https://community.cisco.com/t5/vpn-and-anyconnect/what-is-a-pki-trustpoint/td-p/1404603
HTH
08-26-2019 08:17 AM - edited 08-26-2019 08:24 AM
We will eventually have the CA server, but for now we are using the self-signed certs generated by the device.
I was curious about why SLA-TrustPoint was installed. Prior to the SW upgrade we only had the crypto pki certificate chain TP-self-signed. When I do a show run command, I see two signed certs, where normally I would see only one.
08-26-2019 08:31 AM
It is probably a new feature they added to the new version and enabled by default.
HTH