02-17-2010 01:00 AM
Hi Guys,
What actually is a trustpoint? And its definition?
I am new to IOS PKI
Many thx
Ken
02-20-2010 05:26 AM
A trustpoint is basically a certificate authority that you trust, and it is called a trustpoint because you implicitly trust this authority. The idea is that by trusting a given self-signed certificate, your PKI system will automatically trust any other certificates signed with that trusted certificate.
A trustpoint certificate is a self-signed certificate, hence the name trustpoint, since it does not rely on the trust of anyone else or any other party.
Cisco IOS public key infrastructure (PKI) provides certificate management to support security protocols such as IP Security (IPSec), secure shell (SSH), and secure socket layer (SSL).
A PKI is composed of the following entities:
• Peers communicating on a secure network
• At least one certification authority (CA) that grants and maintains certificates
• Digital certificates, which contain information such as the certificate validity period, peer identity information, encryption keys that are used for secure communications, and the signature of the issuing CA
• An optional registration authority (RA) to offload the CA by processing enrollment requests
• A distribution mechanism (such as Lightweight Directory Access Protocol [LDAP] or HTTP) for certificate revocation lists (CRLs).
Thanks & Regards,
Anshul
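The trust relationship described in the answer above, reproduced with the OpenSSL command line instead of IOS (an added example, not part of the original post and not Cisco code). All CA names, hostnames and file names are constructed; it shows that a certificate is accepted because of who signed it, not because of the name it carries.

```shell
#!/usr/bin/env bash
# Constructed demo: every name, subject and file below is made up.

# Create a self-signed root CA certificate ($1 = file prefix, $2 = CN).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# Issue a certificate signed by a CA ($1 = CA prefix, $2 = cert prefix, $3 = CN).
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
    -CAcreateserial -days 30 -out "$2.pem" 2>/dev/null
}

# Succeeds only if $2.pem chains to the trust anchor $1.pem.
trusted_by() {
  openssl verify -CAfile "$1.pem" "$2.pem" >/dev/null 2>&1
}

# Print one verdict line per certificate, checked against the anchor "corp".
trust_demo() (
  cd "$(mktemp -d)" || exit 1
  make_ca corp "Example Corp Root CA" || exit 1
  make_ca other "Unrelated Root CA" || exit 1
  issue_cert corp router1 "router1.example.com" || exit 1
  # Same subject name as router1, but issued by the CA we do not trust.
  issue_cert other lookalike "router1.example.com" || exit 1
  for c in corp router1 other lookalike; do
    if trusted_by corp "$c"; then echo "$c: trusted"; else echo "$c: rejected"; fi
  done
)

trust_demo
```

Only the anchor itself and the certificate it signed are accepted; the second self-signed CA and the look-alike certificate it issued are rejected even though the subject name matches.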