07-08-2014 11:51 AM
In PKI how do I revoke client's certificates? I know I can do
crypto pki server NAME revoke 1
but how do I know the serial number if I don't have access to the device with the certificate I want to revoke? Let's say the device is stolen and I don't want anybody to have access to my network via that device. Is there any way to view a list of certificates that were granted? Or am I doing something completely wrong and it doesn't work like this?
07-08-2014 11:53 PM
You can see certificates granted by this CA (their CN and serial numbers).
"show crypto pki server certificates"
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/s1/sec-s1-cr-book/sec-cr-s3.html#wp2218130757
07-10-2014 10:42 PM
Don't have this command on router with configured CA.
#sh crypto pki server ?
  |  Output modifiers
  <cr>
Are there special requirements for this command?
07-10-2014 11:25 PM
Probably IOS version. Minimum of 12.4(20)T.
07-10-2014 11:43 PM
I've got 12.4(13b). Is there any other way?