
Crypto pki server missing "info" option

fsebera
Level 4

After upgrading to IOS c2800nm-advsecurityk9-mz.151-2.T1.bin, the crypto pki server CA-SERVER info requests option no longer exists. The crypto pki serv CA-SERVER command is available, but only with the following options.

CA#crypto pki server CA-SERVER ?
  grant     Grant enrollment requests
  password  One Time Password for SCEP enrollment
  reject    Reject enrollment requests
  remove    Remove enrollment requests from database
  request   Retrieve an enrollment request
  revoke    Revoke certificate
  start     start server
  stop      stop server
  trim      Trim the CRL based on the expired-certs file.
  unrevoke  Unrevoke certificate

Is there a new way to view "pending" spoke client request(s) or am I doing something (or many things) incorrectly?

I configured the CA server as:

hostname CA-SERVER
ip domain-name test.lab
ntp server 192.168.0.1
clock timezone EST -5
clock summer-time
ntp master 3
ntp source loopback0

ip http server

crypto key generate rsa general-keys label CA-SERVER modulus 1024 exportable
crypto key export rsa CA-SERVER pem url usbflash0: 3des <password>
crypto pki server CA-SERVER
(ca-server)# database url usbflash0:
(ca-server)# database level complete
(ca-server)# issuer-name CN=bla bla bla
(ca-server)# lifetime ca-certificate 730
(ca-server)# lifetime certificate 750
(ca-server)# lifetime crl 336
(ca-server)# no shutdown
end

R1#sh crypto pki server
Certificate Server CA-SERVER:
    Status: enabled
    State: enabled
    Server's configuration is locked  (enter "shut" to unlock it)
    Issuer name: CN=bla bla bla
    CA cert fingerprint: #### ##### #### ####
    Granting mode is: manual
    Last certificate issued serial number (hex): 1
    CA certificate expiration timer: 11:57:05 EST Oct 3 2012
    CRL NextUpdate timer: 11:57:07 EST Oct 18 2010
    Current primary storage dir: usbflash0:
    Database Level: Complete - all issued certs written as <serialnum>.cer

Tks for any assistance.

Frank

1 Accepted Solution

wzhang
Cisco Employee

Hi, Frank:

Yes, this command has been deprecated in the newer IOS code. You should be able to use the command show crypto pki server CA-SERVER requests to get the same info, though.

Thanks,

Wen


Wen,

ahhhh . . . the old show commands!!!!

Output

CA-SERVER#sh crypto pki server SA-SERVER requests            
Enrollment Request Database:

Subordinate CA certificate requests:
ReqID  State      Fingerprint                      SubjectName
--------------------------------------------------------------

RA certificate requests:
ReqID  State      Fingerprint                      SubjectName
--------------------------------------------------------------

Router certificates requests:
ReqID  State      Fingerprint                      SubjectName
--------------------------------------------------------------
1      pending    1########################### hostname=SPOKE2.TEST.LAB

THANK You

Frank
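
With the granting mode set to manual, the fingerprint column in this table is what the CA operator compares against the value read from the spoke before granting a request. The following is an added example, not part of the original posts: it parses output in the layout shown above and lists pending requests whose fingerprint does not match the out-of-band value. The function names, the `expected` mapping, the sample fingerprints and the `granted` state value are constructed assumptions.

```python
import re

# Constructed sample in the layout of the output posted above. The
# fingerprints are made-up placeholders; "granted" is an assumed state.
SAMPLE = """\
Enrollment Request Database:

Subordinate CA certificate requests:
ReqID  State      Fingerprint                      SubjectName
--------------------------------------------------------------

Router certificates requests:
ReqID  State      Fingerprint                      SubjectName
--------------------------------------------------------------
1      pending    0123456789ABCDEF0123456789ABCDEF hostname=SPOKE2.TEST.LAB
2      granted    FEDCBA9876543210FEDCBA9876543210 hostname=SPOKE1.TEST.LAB
"""

# Section titles appear as both "certificate requests" and "certificates requests".
SECTION = re.compile(r"^(?P<kind>.+?) certificates? requests:\s*$")
ROW = re.compile(r"^(?P<id>\d+)\s+(?P<state>\S+)\s+(?P<fp>\S+)\s+(?P<subject>.+?)\s*$")


def parse_requests(text):
    """Return one dict per request row, tagged with the section it sits in."""
    rows, kind = [], None
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            kind = m.group("kind")
            continue
        m = ROW.match(line)
        if m and kind is not None:
            rows.append({"kind": kind, "req_id": int(m.group("id")),
                         "state": m.group("state"),
                         "fingerprint": m.group("fp"),
                         "subject": m.group("subject")})
    return rows


def pending_mismatches(text, expected):
    """Pending requests whose fingerprint differs from the out-of-band value.

    expected maps SubjectName -> fingerprint; a subject missing from it is
    reported as a mismatch, so nothing is granted on the table alone.
    """
    return [r for r in parse_requests(text)
            if r["state"] == "pending"
            and expected.get(r["subject"], "").upper() != r["fingerprint"].upper()]
```
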
