Hello Cisco Community,

I am currently configuring trustpoints on a ISR router. The hierarchy looks like that: root --> subca --> router certificate.

I will create 2 trustpoints where the 1st will reference the root-ca and the 2nd one the subca and router certificate.

I am aware of the fact, that the chain of trust needs to be established. I check several configurations and some mentioned the command chain-validation none (for the Root-CA); chain-validation "name of upper trustpoint e.g. subca".

The question is, whether the command chain-validation ... needs to configured in order to setup a clean configuration on the router.

Any feedback is appreciated.