What is a PKI Trustpoint

Hi Guys,

What actually is a trustpoint? And its definition?

I am new to IOS PKI

Many thx

Ken

Accepted Solution

Cisco Employee

A trustpoint is basically a certificate authority that you trust, and it is called a trustpoint because you implicitly trust this authority. The idea is that by trusting a given self-signed certificate, your PKI system will automatically trust any other certificates signed with that trusted certificate.
A trustpoint certificate is a self-signed certificate, hence the name trustpoint, since it does not rely on the trust of anyone else or any other party.

Cisco IOS public key infrastructure (PKI) provides certificate management to support security protocols such as IP Security (IPSec), secure shell (SSH), and secure socket layer (SSL).

A PKI is composed of the following entities:

Peers communicating on a secure network

At least one certification authority (CA) that grants and maintains certificates

Digital certificates, which contain information such as the certificate validity period, peer identity information, encryption keys that are used for secure communications, and the signature of the issuing CA

An optional registration authority (RA) to offload the CA by processing enrollment requests

A distribution mechanism (such as Lightweight Directory Access Protocol [LDAP] or HTTP) for certificate revocation lists (CRLs).

https://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_cert_enroll_pki_ps6350_TSD_Products_Configuration_Guide_Chapter.html

Thanks & Regards,

Anshul

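Added example, not part of Anshul's post: how the trustpoint idea above maps onto IOS CLI. The trustpoint name CORP-ROOT-CA, the key label, the profile name and the peer domain example.com are assumptions; the commands themselves are standard IOS PKI and IKEv2 commands.

```cisco
! Declare the CA we choose to trust. The name is local to this router
! and is only a label for the CA certificate plus the enrollment settings.
crypto pki trustpoint CORP-ROOT-CA
 enrollment terminal
 subject-name cn=router1.example.com
 fqdn router1.example.com
 rsakeypair CORP-ROOT-CA-KEY 2048
 revocation-check crl
!
! Step 1: "authenticate" the trustpoint. IOS prompts for the CA's
! self-signed certificate (PEM, pasted at the terminal), then prints its
! fingerprint. Accept it only after comparing that fingerprint with the
! value obtained from the CA operator out of band; this is the one moment
! where trust is established by a human decision rather than by a signature.
crypto pki authenticate CORP-ROOT-CA
!
! Step 2 (optional): request the router's own identity certificate from
! that CA, so the router can prove its identity to peers.
crypto pki enroll CORP-ROOT-CA
!
! Verify what is installed: the CA certificate (and, after step 2, the
! router certificate) now sit under the trustpoint.
show crypto pki trustpoints
show crypto pki certificates CORP-ROOT-CA
!
! Use the trustpoint: an IKEv2 profile that accepts a peer only if the
! peer's certificate chains to CORP-ROOT-CA and passes the CRL check.
crypto ikev2 profile VPN-PROFILE
 match identity remote fqdn domain example.com
 authentication remote rsa-sig
 authentication local rsa-sig
 pki trustpoint CORP-ROOT-CA
```

The CRL setting matters because a trustpoint makes every certificate signed by the CA acceptable; `revocation-check crl` (rather than `none`) is what lets the CA withdraw that acceptance for a compromised peer.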