The process is documented, but many of the documented commands (show crypto pki certificates, for example) are outdated due to changes in IOS. I hope this helps save some time and energy on your part. This design assumes a recent 12.
Make sure your router's time is correct before starting. I suggest you set up NTP to keep the router's time correct. If the router's time is not correct, it will affect the certificate's functionality (a certificate is only valid between its notBefore and notAfter dates, so a wrong clock can make a freshly issued certificate appear not yet valid or already expired). Create a 2048-bit RSA key.
This page was last modified on 1 June 2011, at 22:18. Sample Chapter is provided courtesy of Cisco Press.
Chapter Description
Several processes need to occur in a PKI network for a deployment to function smoothly. To address these processes, this chapter covers enrollment, certificate expiration and renewal, certificate verification and enforcement, and PKI resiliency. Understanding the basics of cryptography and the building blocks of public key infrastructures provides a foundation for exploring the core processes and practical application of PKI. These processes govern how to get a certificate, how to keep a certificate current, how to revoke a certificate, and how to keep a PKI up and running if an outage occurs.
Enrollment
Enrollment is the process of obtaining a certificate. The two enrollment processes are manual enrollment and network-based, SCEP-based enrollment. Network-based SCEP is discussed later in this chapter. Although both processes follow the same principles, the procedure for implementation varies.
The CA signs the request with the CA's private key and generates the end host's certificate. The certificate is delivered back to the end host. In this situation a non-network-based approach might be preferred. This approach requires an administrator to manually copy and paste a certificate into the local router. Manual copy-and-paste enrollment has several steps. The high-level steps are presented here, followed by a detailed example. The spoke is configured to use terminal enrollment.
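As an added example (not the chapter's own configuration and not from the original post), here is what the preparation and manual terminal-enrollment steps above look like on an IOS spoke: NTP first, then a 2048-bit RSA key, then a trustpoint set to terminal enrollment, followed by the authenticate and enroll steps that produce the copy-and-paste exchange. The trustpoint name LAB-CA, key label SPOKE-KEY, hostname spoke1.example.com and NTP server 192.0.2.10 are assumed placeholders.

```cisco
! --- 1. Time: certificate validity checks depend on the clock ---
! 192.0.2.10 is a constructed placeholder for your NTP source.
clock timezone UTC 0
ntp server 192.0.2.10
! verify with: show ntp status   (expect "Clock is synchronized")
!
! --- 2. Key: a dedicated 2048-bit RSA keypair for this trustpoint ---
! A labelled keypair keeps the PKI key separate from the SSH host key.
crypto key generate rsa general-keys label SPOKE-KEY modulus 2048
!
! --- 3. Trustpoint: terminal (copy-and-paste) enrollment ---
crypto pki trustpoint LAB-CA
 enrollment terminal
 subject-name CN=spoke1.example.com
 rsakeypair SPOKE-KEY
 ! keep revocation checking on; the CRL distribution point in the
 ! issued certificate must be reachable from the spoke for this to work
 revocation-check crl
!
! --- 4. Authenticate: paste the CA's certificate in at the prompt ---
! Compare the fingerprint IOS prints against the one the CA operator
! gave you out of band before answering "yes"; this is the trust anchor.
crypto pki authenticate LAB-CA
!
! --- 5. Enroll: IOS prints a PKCS#10 request signed with SPOKE-KEY ---
! Copy it to the CA, have the CA sign it, then import the result.
crypto pki enroll LAB-CA
crypto pki import LAB-CA certificate
!
! --- 6. Verify: the router now holds both the CA and its own cert ---
show crypto pki certificates LAB-CA
```

The fingerprint comparison in step 4 is the only thing that ties the pasted CA certificate to the CA you intend to trust, so treat an unverified "yes" there the same as trusting an unknown root.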