Authentication Types
Configuring Certificates Using the crypto pki CLI
Cisco 3200 Series Wireless MIC Software Configuration Guide
Enter configuration commands, one per line. End with CNTL/Z.
maldives-ap(config)#crypto pki trustpoint TEST-SCEP
maldives-ap(ca-trustpoint)#enrollment url
maldives-ap(ca-trustpoint)#rsakeypair scep-keys 1024
maldives-ap#show run
crypto pki trustpoint TEST-SCEP
enrollment mode ra
enrollment url
ip-address BVI1
revocation-check crl
rsakeypair scep-keys 1024
And to retrieve the CA certificate:
maldives-ap(config)#crypto pki authenticate TEST-SCEP
Certificate has the following attributes:
Fingerprint: 45EC6866 A66B4D8F 2E05960F BC5C1B76
% Do you accept this certificate? [yes/no]: yes
Trustpoint CA certificate accepted.
Finally to enroll the router certificate(s):
maldives-ap(config)#crypto pki enroll TEST-SCEP
% Start certificate enrollment..
% Create a challenge password. You will need to verbally provide this
password to the CA Administrator in order to revoke your certificate.
For security reasons your password will not be saved in the configuration.
Please make a note of it.
Jun 29 13:18:46.606: %CRYPTO-6-AUTOGEN: Generated new 1024 bit key pair
Re-enter password:
% The fully-qualified domain name in the certificate will be:
% The subject name in the certificate will be:
% Include the router serial number in the subject name? [yes/no]: yes
% The serial number in the certificate will be: 80AD5AD4
% Include an IP address in the subject name? [no]: yes
Enter Interface name or IP Address[]: BVI1
Request certificate from CA? [yes/no]: yes
% Certificate request sent to Certificate Authority
% The certificate request fingerprint will be displayed.
Jun 29 13:19:12.776: CRYPTO_PKI: Fingerprint: 6BF9EAC9 BE515B76 E7767395 8FA00FCC
Jun 29 13:19:12.776:
Jun 29 13:19:15.161: %PKI-6-CERTRET: Certificate received from Certificate Authority
maldives-ap(config)# end
The crypto show commands are used to view the certificates associated with the trustpoint,
in this case both the CA and single router certificate:
maldives-ap#show crypto pki cert TEST-SCEP