Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
495
Views
0
Helpful
4
Replies

PKI certificate revocation

Denis Ponev
Level 1
Level 1

‎07-08-2014 11:51 AM

In PKI how do I revoke client's certificates? I know I can do

crypto pki server NAME revoke 1

but how do I know serial number if I don't have access to the device with certificate I want to revoke? Let's say the device is stolen and I don't want anybody to have access to my network via that device. Is there any way to view a list of certificates that were granted? Or am I doing something completly wrong and it doesn't work like this?

Labels:
0 Helpful
4 Replies 4

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎07-08-2014 11:53 PM

You can see certificates granted by this CA (their CN and serial numbers). 

"show crypto pki server certificates"

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/s1/sec-s1-cr-book/sec-cr-s3.html#wp2218130757

 

 

0 Helpful

Denis Ponev
Level 1
Level 1
In response to Marcin Latosiewicz

‎07-10-2014 10:42 PM

Don't have this command on router with configured CA.

#sh crypto pki server ?
  |  Output modifiers
  <cr>

Are there special requirements for this comand?

 

0 Helpful

Marcin Latosiewicz
Cisco Employee
Cisco Employee
In response to Denis Ponev

‎07-10-2014 11:25 PM

Probably IOS version. Minimum of 12.4(20)T.

 

0 Helpful

Denis Ponev
Level 1
Level 1
In response to Marcin Latosiewicz

‎07-10-2014 11:43 PM

I've got  12.4(13b). Is there any other way?

0 Helpful
Customers Also Viewed These Support Documents