Crypto pki server missing "info" option

Answered Question
Oct 6th, 2010

After upgrading to IOS c2800nm-advsecurityk9-mz.151-2.T1.bin, the crypto pki server CA-SERVER info requests option no longer exists. The crypto pki serv CA-SERVER command is available, but only with the following options.


CA#crypto pki server CA-SERVER ?
  grant     Grant enrollment requests
  password  One Time Password for SCEP enrollment
  reject    Reject enrollment requests
  remove    Remove enrollment requests from database
  request   Retrieve an enrollment request
  revoke    Revoke certificate
  start     start server
  stop      stop server
  trim      Trim the CRL based on the expired-certs file.
  unrevoke  Unrevoke certificate


Is there a new way to view "pending" spoke client request(s) or am I doing something (or many things) incorrectly?


I configured the CA server as:


hostname CA-SERVER
ip domain-name test.lab
ntp server 192.168.0.1
clock timezone EST -5
clock summer-time
ntp master 3
ntp source loopback0


ip http server


crypto key generate rsa general-keys label CA-SERVER modulus 1024 exportable
crypto key export rsa CA-SERVER pem url usbflash0: 3des <password>
crypto pki server CA-SERVER
(ca-server)# database url usbflash0:
(ca-server)# database level complete
(ca-server)# issuer-name CN=bla bla bla
(ca-server)# lifetime ca-certificate 730
(ca-server)# lifetime certificate 750
(ca-server)# lifetime crl 336
(ca-server)# no shutdown
end


R1#sh crypto pki server
Certificate Server CA-SERVER:
    Status: enabled
    State: enabled
    Server's configuration is locked  (enter "shut" to unlock it)
    Issuer name: CN=bla bla bla
    CA cert fingerprint: #### ##### #### ####
    Granting mode is: manual
    Last certificate issued serial number (hex): 1
    CA certificate expiration timer: 11:57:05 EST Oct 3 2012
    CRL NextUpdate timer: 11:57:07 EST Oct 18 2010
    Current primary storage dir: usbflash0:
    Database Level: Complete - all issued certs written as <serialnum>.cer


Tks for any assistance.

Frank

Correct Answer
wzhang Wed, 10/06/2010 - 08:08

Hi, Frank:


Yes, this command has been deprecated in the newer IOS code. You should be able to use the command show crypto pki server CA-SERVER requests to get the same info though.


Thanks,

Wen

fsebera Wed, 10/06/2010 - 08:36

Wen,


ahhhh . . . the old show commands!!!!



Output


CA-SERVER#sh crypto pki server SA-SERVER requests            
Enrollment Request Database:


Subordinate CA certificate requests:
ReqID  State      Fingerprint                      SubjectName
--------------------------------------------------------------


RA certificate requests:
ReqID  State      Fingerprint                      SubjectName
--------------------------------------------------------------


Router certificates requests:
ReqID  State      Fingerprint                      SubjectName
--------------------------------------------------------------
1      pending    1########################### hostname=SPOKE2.TEST.LAB


THANK You

Frank
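
With the CA in manual granting mode, the request table shown in this thread can be parsed so that each pending ReqID is compared against a fingerprint obtained out of band before it is granted. This is an added example, not code from the posters or from Cisco; the sample output, the fingerprints, the `EXPECTED` map and the function names are constructed, and it assumes the operator has recorded the request fingerprint each spoke reported at enrollment.

```python
import re

# Constructed sample in the table layout shown in the thread; the
# fingerprints, the second spoke and EXPECTED are made up for illustration.
SAMPLE = """\
Enrollment Request Database:
Subordinate CA certificate requests:
ReqID  State      Fingerprint                      SubjectName
--------------------------------------------------------------
RA certificate requests:
ReqID  State      Fingerprint                      SubjectName
--------------------------------------------------------------
Router certificates requests:
ReqID  State      Fingerprint                      SubjectName
--------------------------------------------------------------
1      pending    0123456789ABCDEF0123456789ABCDEF hostname=SPOKE2.TEST.LAB
2      pending    FEDCBA9876543210FEDCBA9876543210 hostname=SPOKE9.TEST.LAB
"""
# Assumption: fingerprints the operator collected out of band per spoke.
EXPECTED = {"hostname=SPOKE2.TEST.LAB": "0123456789abcdef0123456789abcdef"}

SECTION = re.compile(r"^(.*\S)\s+requests:\s*$")  # e.g. "RA certificate requests:"
ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(.+?)\s*$")  # ReqID State Fingerprint Subject

def parse_requests(text):
    """Return one dict per request row, tagged with its section heading."""
    rows, section = [], None
    for line in text.splitlines():
        if m := SECTION.match(line):
            section = m[1]
        elif section and (m := ROW.match(line)):
            rows.append({"section": section, "req_id": int(m[1]), "state": m[2],
                         "fingerprint": m[3], "subject": m[4]})
    return rows

def triage(rows, expected):
    """Split pending ReqIDs into (fingerprint verified, needs manual review)."""
    ok, review = [], []
    for r in rows:
        if r["state"] != "pending":
            continue
        want = expected.get(r["subject"], "").replace(" ", "").upper()
        got = r["fingerprint"].replace(" ", "").upper()
        (ok if want and want == got else review).append(r["req_id"])
    return ok, review

if __name__ == "__main__":
    ok, review = triage(parse_requests(SAMPLE), EXPECTED)
    print("fingerprint verified, safe to grant:", ok)
    print("unknown or mismatched, do not grant:", review)
```

Only ReqIDs in the first list would then be passed to the `grant` option listed in the question; the rest stay pending until someone confirms the spoke's fingerprint.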
