Cisco Community
English
Register
We have 1 million community members! Join the celebration! Learn how.
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
564
Views
0
Helpful
0
Replies
tschafferx
Beginner
Beginner
‎06-17-2019 04:10 AM
‎06-17-2019 04:10 AM

Trustpoint configuration | Parameter chain-validation

Hello Cisco Community,

 

I am currently configuring trustpoints on a ISR router. The hierarchy looks like that: root --> subca --> router certificate.

I will create 2 trustpoints where the 1st will reference the root-ca and the 2nd one the subca and router certificate.

 

I am aware of the fact, that the chain of trust needs to be established. I check several configurations and some mentioned the command chain-validation none (for the Root-CA); chain-validation "name of upper trustpoint e.g. subca".

 

The question is, whether the command chain-validation ... needs to configured in order to setup a clean configuration on the router.

 

Any feedback is appreciated.

Labels:
0 Helpful
0 REPLIES 0
Latest Contents
VPN Site-to-Site with dynamic IP
Created by meddane on 09-17-2021 04:03 PM
0
0
0
0
Site to Site IPSec VPN with Dynamic IP Endpoint is typically used when we have a branch sites which obtains a dynamic public IP from the Internet ISP. For example an ADSL connection.One important note is that Site-to-Site VPN with Dynamic remote routers P... view more
Site-to-Site FlexVPN IOS router
Created by meddane on 09-17-2021 04:00 PM
0
0
0
0
On R1, configure a key ring that defines the peer R3:Address: 23.0.0.3Local and remote pre-shared key: cisco R1(config)#crypto ikev2 keyring KRR1(config-ikev2-keyring)# peer R3R1(config-ikev2-keyring-peer)# address 23.0.0.3R1(config-ikev2-keyring-pee... view more
802.1X With Port Radius NAS PORT Id Attribute Cisco ISE
Created by meddane on 09-17-2021 03:59 PM
0
0
0
0
This document shows how to use the Port Radius NAS PORT Id Attribute in a compound condition to control access with 802.1X.A user jdoe is allowed to access the network only through the physical port FastEthernet 0/1 of the switch and the user jwhite is al... view more
Configure Anyconnect with SAML authentication on FTD managed...
Created by Josue Brenes on 09-16-2021 08:22 AM
0
0
0
0
Introduction This document provides a configuration example of Security Assertion Markup Language (SAML) Authentication on FTD managed over FDM. The configuration allows Anyconnect users to establish a VPN session authenticating with a SAML Identity Serv... view more
DMVPN: Dual Hub Dual Cloud VS Dual Hub Dual Cloud: Pros and ...
Created by meddane on 09-11-2021 01:57 AM
0
5
0
5
DMVPN Dual Hub Dual Cloud Pros and ConsProsNo single point of failureQuick failover if routing protocols are tunedLoad balancing is easyTraffic engineering is easyEasy to work with multiple ISPsConsNeed 2 tunnels per spokeConfiguration is more complicated... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Event
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad