
CA Authentication with AD Server

Hi everybody

Could anyone help me with my doubt?

My question is:

I have a Windows 2008 Server with AD acting as a CA server for Cisco routers.

I also have SCEP installed on this AD server to provide the certificates to the devices.

I need the certificates on the routers to be updated automatically, along with authentication.

How can I apply this?

The process that I have now is manual, and I saw that the auto-enrollment command allows me to update the CA on the routers automatically. Is that correct?

Besides that, how can I implement authentication on the routers that will request the CA certificate?

Below is part of the script put on the router.

Router# conf t
Router(config)# crypto pki trustpoint TEST-SERVER
Router(ca-trustpoint)# enrollment url http://x.x.x.x:80/certsrv/mscep/mscep.dll
usage ike
enrollment retry count 100
enrollment retry period 2
enrollment mode ra
serial-number  ( optional )
vrf GRE-RA  ( optional )
revocation-check crl
rsakeypair TEST-SERVER 1024 1024
auto-enroll 70 regenerate
