08-26-2019 07:52 AM
Hello,
We recently upgraded IOS to 16.9.3 on Routers (ISR 4431) and Switches (3850), and I have noticed a new certificate has been installed.
crypto pki trustpoint SLA-TrustPoint
 enrollment pkcs12
 revocation-check crl
I have searched the net but I can't seem to find any information about what it is used for.
I would like to delete it from our config, but I wanted to make sure it wasn't necessary to have it in the running config.
Thanks,
raman
08-26-2019 08:06 AM
Hi,
Have a look at this link. If you don't have any CA trustpoint, you don't need it.
https://community.cisco.com/t5/vpn-and-anyconnect/what-is-a-pki-trustpoint/td-p/1404603
HTH
08-26-2019 08:17 AM - edited 08-26-2019 08:24 AM
We will eventually have the CA server, but for now we are using the self-signed certs generated by the device.
I was curious about why SLA-TrustPoint was installed. Prior to the SW upgrade we only had the crypto pki certificate chain TP-self-signed. When I do a show run command, I see two signed certs, where normally I would see only one.
08-26-2019 08:31 AM
It is probably a new feature they added to the new version and enabled by default.
HTH
11-06-2024 06:32 AM
Hi,
It is used for connection with CSSM
SLA-TrustPoint
https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2024/pdf/LTROPS-1007.pdf
pg14