10-06-2010 07:27 AM
After upgrading to IOS c2800nm-advsecurityk9-mz.151-2.T1.bin, the crypto pki server CA-SERVER info requests option no longer exists; the crypto pki serv CA-SERVER command is available, but only with the following options.
CA#crypto pki server CA-SERVER ?
grant Grant enrollment requests
password One Time Password for SCEP enrollment
reject Reject enrollment requests
remove Remove enrollment requests from database
request Retrieve an enrollment request
revoke Revoke certificate
start start server
stop stop server
trim Trim the CRL based on the expired-certs file.
unrevoke Unrevoke certificate
Is there a new way to view "pending" spoke client request(s) or am I doing something (or many things) incorrectly?
I configured the CA server as:
hostname CA-SERVER
ip domain-name test.lab
ntp server 192.168.0.1
clock timezone EST -5
clock summer-time
ntp master 3
ntp source loopback0
ip http server
crypto key generate rsa general-keys label CA-SERVER modulus 1024 exportable
crypto key export rsa CA-SERVER pem url usbflash0: 3des <password>
crypto pki server CA-SERVER
(ca-server)# database url usbflash0:
(ca-server)# database level complete
(ca-server)# issuer-name CN=bla bla bla
(ca-server)# lifetime ca-certificate 730
(ca-server)# lifetime certificate 750
(ca-server)# lifetime crl 336
(ca-server)# no shutdown
end
R1#sh crypto pki server
Certificate Server CA-SERVER:
Status: enabled
State: enabled
Server's configuration is locked (enter "shut" to unlock it)
Issuer name: CN=bla bla bla
CA cert fingerprint: #### ##### #### ####
Granting mode is: manual
Last certificate issued serial number (hex): 1
CA certificate expiration timer: 11:57:05 EST Oct 3 2012
CRL NextUpdate timer: 11:57:07 EST Oct 18 2010
Current primary storage dir: usbflash0:
Database Level: Complete - all issued certs written as <serialnum>.cer
Tks for any assistance.
Frank
10-06-2010 08:08 AM
Hi, Frank:
Yes, this command has been deprecated in the newer IOS code. You should be able to use the command show crypto pki server CA-SERVER requests to get the same info, though.
Thanks,
Wen
10-06-2010 08:36 AM
Wen,
ahhhh . . . the old show commands!!!!
Output
CA-SERVER#sh crypto pki server SA-SERVER requests
Enrollment Request Database:
Subordinate CA certificate requests:
ReqID State Fingerprint SubjectName
--------------------------------------------------------------
RA certificate requests:
ReqID State Fingerprint SubjectName
--------------------------------------------------------------
Router certificates requests:
ReqID State Fingerprint SubjectName
--------------------------------------------------------------
1 pending 1########################### hostname=SPOKE2.TEST.LAB
THANK You
Frank
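Added example, not part of the original thread: with granting mode set to manual, the request table from show crypto pki server CA-SERVER requests is what an operator reviews before using the grant option, so this sketch parses captured output and flags each pending request whose fingerprint matches a value obtained out of band from the spoke's operator. The sample text, the fingerprints, the 32-hex-digit fingerprint format (the thread masks its value), and the function names are assumptions.

```python
import re

# Constructed sample in the layout of the output posted above; the
# fingerprints are made-up values, not taken from the thread.
SAMPLE = """\
Enrollment Request Database:
Subordinate CA certificate requests:
ReqID  State      Fingerprint                      SubjectName
--------------------------------------------------------------
RA certificate requests:
ReqID  State      Fingerprint                      SubjectName
--------------------------------------------------------------
Router certificates requests:
ReqID  State      Fingerprint                      SubjectName
--------------------------------------------------------------
1      pending    0123456789ABCDEF0123456789ABCDEF hostname=SPOKE2.TEST.LAB
2      granted    FEDCBA9876543210FEDCBA9876543210 hostname=SPOKE1.TEST.LAB
"""

# Section headers such as "RA certificate requests:" and data rows.
SECTION = re.compile(r"^(.*?)\s+certificates?\s+requests:\s*$", re.I)
ROW = re.compile(r"^(\d+)\s+(\S+)\s+([0-9A-Fa-f]{32})\s+(.+?)\s*$")


def parse_requests(text):
    """Return one dict per request row, tagged with the section it sits in."""
    rows, section = [], None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = ROW.match(line)
        if m and section:
            req_id, state, fp, subject = m.groups()
            rows.append({"section": section, "req_id": int(req_id),
                         "state": state.lower(), "fingerprint": fp.upper(),
                         "subject": subject})
    return rows


def pending(rows, expected):
    """Pending rows; 'verified' is True only when the fingerprint equals the
    out-of-band value in expected (a dict of subject name -> fingerprint)."""
    return [{**r, "verified": expected.get(r["subject"], "")
             .replace(" ", "").upper() == r["fingerprint"]}
            for r in rows if r["state"] == "pending"]
```

A pending row with verified set to False is one to hold rather than grant until the fingerprint has been confirmed with the requester.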