06-13-2019 12:38 AM - edited 02-21-2020 09:40 PM
Hello Cisco community,
As I was building the chain of trust on a router, I realized that there are two commands that seem to do the same.
In order to add the intermediary certificate to a trustpoint I normally would use the command:
crypto pki authenticate subca
After that I would add the router certificate to that trustpoint with the following command:
crypto pki import subca certificate
Here are my questions:
1: Could I use the command crypto pki authenticate subca to import the router certificate, or does the router do something different with the crypto pki import subca certificate?
2: It seems like common practice to create a separate trustpoint for the root certificate and create another one for the subca and the router certificate. What's the idea behind that?
Any input is appreciated. Thank you.
06-13-2019 02:03 AM
06-13-2019 04:38 AM
Hello Mohammed,
thank you for your reply. You say that you can't combine multiple certificates into one single trustpoint.
--> A lot of documentation recommends putting both the Sub-CA and the router certificate into one common trustpoint.
Can you comment on that?
06-13-2019 10:59 AM
06-14-2019 01:09 AM
Hello Mohammed,
You mentioned: "For question two, you can't combine multiple certificates to single trustpoint."
The question was why a lot of documentation suggests putting multiple certificates, e.g. SubCA and server certificate, into one common trustpoint.
Brgrds