Configuring a CA Trustpoint
Step 4
Command or Action: crypto key generate rsa
Example:
Switch(config)# crypto key generate rsa
Purpose: (Optional) Generates an RSA key pair. RSA key pairs are required before you can obtain a certificate for the switch. RSA key pairs are generated automatically. You can use this command to regenerate the keys, if needed.

Step 5
Command or Action: crypto ca trustpoint name
Example:
Switch(config)# crypto ca trustpoint your_trustpoint
Purpose: Specifies a local configuration name for the CA trustpoint and enters CA trustpoint configuration mode.

Step 6
Command or Action: enrollment url url
Example:
Switch(ca-trustpoint)# enrollment url http://your_server:80
Purpose: Specifies the URL to which the switch should send certificate requests.

Step 7
Command or Action: enrollment http-proxy host-name port-number
Example:
Switch(ca-trustpoint)# enrollment http-proxy your_host 49
Purpose: (Optional) Configures the switch to obtain certificates from the CA through an HTTP proxy server.
• For host-name, specify the proxy server used to get the CA.
• For port-number, specify the port number used to access the CA.

Step 8
Command or Action: crl query url
Example:
Switch(ca-trustpoint)# crl query ldap://your_host:49
Purpose: Configures the switch to request a certificate revocation list (CRL) to ensure that the certificate of the peer has not been revoked.

Step 9
Command or Action: primary name
Example:
Switch(ca-trustpoint)# primary your_trustpoint
Purpose: (Optional) Specifies that the trustpoint should be used as the primary (default) trustpoint for CA requests.
• For name, specify the trustpoint that you just configured.

Step 10
Command or Action: exit
Example:
Switch(ca-trustpoint)# exit
Purpose: Exits CA trustpoint configuration mode and returns to global configuration mode.

Catalyst 2960-X Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX
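One way to check a saved configuration against Steps 5 through 9 is shown below. It is an added example, not part of the Cisco guide: the function names, the finding strings and the sample configuration are constructed for illustration, and accepting the keyword "pki" in place of "ca" is an assumption about how the device prints the block.

```python
import re

# Sub-commands from Steps 6-9 of the procedure.
SETTINGS = ("enrollment url", "enrollment http-proxy", "crl query", "primary")

# Constructed running-config excerpt (not captured from a real switch).
SAMPLE_CONFIG = """\
crypto ca trustpoint your_trustpoint
 enrollment url http://your_server:80
 enrollment http-proxy your_host 49
 crl query ldap://your_host:49
 primary your_trustpoint
!
crypto ca trustpoint lab_trustpoint
 enrollment url http://your_server:80
!
"""

def parse_trustpoints(config):
    """Map each trustpoint name to the Step 6-9 settings found in its block."""
    trustpoints, current = {}, None
    for line in config.splitlines():
        # Assumption: the device may print the keyword as "pki" instead of "ca".
        head = re.match(r"crypto (?:ca|pki) trustpoint (\S+)\s*$", line)
        if head:
            current = trustpoints.setdefault(head.group(1), {})
        elif current is not None and line.startswith(" "):
            text = line.strip()
            for key in SETTINGS:
                if text.startswith(key + " "):
                    current[key] = text[len(key):].strip()
        else:
            current = None  # any unindented line ends the trustpoint block
    return trustpoints

def audit(config):
    """Return (trustpoint, issue) pairs for settings the procedure expects."""
    findings = []
    for name, cfg in parse_trustpoints(config).items():
        if "enrollment url" not in cfg:
            findings.append((name, "no enrollment url"))
        if "crl query" not in cfg:
            findings.append((name, "no crl query"))
        # Step 9: the primary command names the trustpoint just configured.
        if "primary" in cfg and cfg["primary"] != name:
            findings.append((name, "primary names another trustpoint"))
    return findings

if __name__ == "__main__":
    for name, issue in audit(SAMPLE_CONFIG):
        print(f"{name}: {issue}")
```

A trustpoint reported with "no crl query" has no CRL location configured, so the peer revocation check described in Step 8 has nothing to query.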
Configuring Secure Socket Layer HTTP
OL-29048-01