What is the Purpose of SLA-Trustpoint certificate?

RAMAN AZIZIAN · ‎08-26-2019

Hello,

We recently upgraded to IOS to 16.9.3 on Routers (ISR 4431) and Switches (3850), and I have noticed a new certificate has been installed.

crypto pki trustpoint SLA-TrustPoint

enrollment pkcs12

revocation-check crl

I have searched the net but I can't seem to find any information about what is used for.

I would like to delete from our config, but I wanted to make sure it wasn't necessary to have it on the running config.

Thanks,

raman

Reza Sharifi · ‎08-26-2019

Hi,

Have a look at this link. If you don't have any CA trustporint, you don't need it

https://community.cisco.com/t5/vpn-and-anyconnect/what-is-a-pki-trustpoint/td-p/1404603

HTH

RAMAN AZIZIAN · ‎08-26-2019

We will eventually have the CA server, but for now we are using the self-signed certs generated by the device.

I was curious about why SLA-trustpoint was installed. Prior to SW upgrade we only had the crypto pki certificate chain TP-self-signed . When I do a show run command, I see two signed certs, where normally I would see only one.

Reza Sharifi · ‎08-26-2019

It is probably a new feature they added to the new version and enabled it by default.

HTH

stefanmtomasevic · ‎11-06-2024

Hi,

it it used for connection with CSSM

SLA-TrustPoint

https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2024/pdf/LTROPS-1007.pdf

pg14