
Cisco IOS CA server

fsebera
Level 4

I want to make my Cisco IOS router perform as a CA PKI server.

These are the CLI commands [I think] I need to enable the IOS CA server.

Is this correct?

After I make the IOS CA server, I will make this router a PKI client as well, but I have not included those commands here as I am just trying to get one step at a time understood and completed.

Thanks AGAIN.

Frank

R1 G0/0 192.168.1.1 /24 <-----------> R2 G0/0 192.168.1.2 /24

ip http server

clock timezone est -5

clock summer-time edt recurring

net peer 192.168.1.1

ntp master 4

ip domain name TEST.LAB

!

crypto key generate rsa general-keys label IOS-CA-SVR modulus 1024 exportable

crypto key export rsa IOS-CA-SVR pem url flash: Protectm3

crypto pki server IOS-CA-SVR

     database level complete

     database url flash:

     issuer-name CN=IOS-CA-SVR OU=TEST-LAB

     no shutdown

1 Reply

Ivan Kovacevic
Cisco Employee

Your config seems to be fine, except for the typo in "net peer 192.168.1.1" - it should be "ntp peer...". Apart from this, you can add "grant auto" under the CA config if you don't want to manually grant every cert. Also make sure "ip http server" is enabled before you attempt to start IOS CA.
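
The three points raised in the reply, written as a pre-flight check over a saved configuration. This is an added example, not part of the original thread and not Cisco tooling; the function name `preflight`, the finding codes, and the treatment of `!` as the end of the CA sub-mode are assumptions made here.

```python
import re

# CA-related lines of the configuration as posted in the question (typo included).
POSTED = """\
ip http server
net peer 192.168.1.1
ntp master 4
ip domain name TEST.LAB
!
crypto pki server IOS-CA-SVR
     database level complete
     database url flash:
     issuer-name CN=IOS-CA-SVR OU=TEST-LAB
     no shutdown
"""

def preflight(config: str) -> list[tuple[str, str]]:
    """Return (code, message) findings for the points raised in the reply."""
    findings = []
    http_seen = in_ca = ca_defined = ca_started = grant_auto = False
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if line == "!":                       # assumption: "!" closes the CA sub-mode
            in_ca = False
        elif re.fullmatch(r"net\s+peer\s+\S+", line):
            findings.append(("NTP_TYPO", f"line {n}: '{line}' should be 'ntp peer ...'"))
        elif line == "ip http server":
            http_seen = True
        elif re.fullmatch(r"crypto pki server \S+", line):
            in_ca = ca_defined = True
        elif in_ca and line == "grant auto":
            grant_auto = True
        elif in_ca and line == "no shutdown":
            ca_started = True
            if not http_seen:                 # HTTP server must be enabled before the CA starts
                findings.append(("HTTP_NOT_ENABLED", f"line {n}: CA started without a preceding 'ip http server'"))
    if ca_defined and not ca_started:
        findings.append(("CA_NOT_STARTED", "no 'no shutdown' under crypto pki server"))
    if ca_defined and not grant_auto:
        findings.append(("MANUAL_GRANT", "no 'grant auto': each request must be granted by hand"))
    if grant_auto:
        findings.append(("AUTO_GRANT", "'grant auto': requests are issued without operator review"))
    return findings

if __name__ == "__main__":
    for code, msg in preflight(POSTED):
        print(f"{code}: {msg}")
```
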
