Solved: crypto pki authenticate ca

mulhollandm · ‎08-28-2014

folks

i'm trying to setup a site to site vpn between two 1900 routers using certificates to authenticate the peers

i copied in the root ca certificate, generated the csr and now have the server/router certificate

once i paste in the server certificate the router can't verify it

when i look at the certificate generate by our pki server it has a root, intermediate and enterprise certificate

i suspect i need to install the full chain but i paste in the certificates all together in order

root

intermediate

enterprise

just as i would the single root certificate?

or

is there a way to put in the chain

i'm running Version 15.2(4)M4

thanks to anyone taking the time to respond

nkarthikeyan · ‎08-28-2014

Hi,

Root and intermediate certificates needs to be installed together as authenticating certificate and your entreprise certificate should be installed in seperate if am not wrong.

crypto ca authenticate <trustpoint name>

paste root and intermediate / bundle with word quit in the end

!

crypto ca import <trustpoint> certificate

<actual entreprise certificate? with word quit at end

!

sample config procedure:

http://bytesolutions.com/Support/Knowledgebase/KB_Viewer/smid/622/ArticleID/21/reftab/195/t/Installing-GoDaddy-SSL-Certificates-on-a-Cisco-IOS-Router-using-CLI.aspx

Regards

Karthik

View solution in original post

nkarthikeyan · ‎08-28-2014

Hi,