Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Configuring Auto-enrollment on a router


I configured A digital Certificate on a router using a CA server for authentication

Here is the policy configuration:

crypto ca trustpoint branch-Cert

enrollment mode ra

enrollment url

usage ike


crl optional

So what i need to do now, is to configure Auto-enrollment.

I did my research and found that the only missing command is the auto-enroll [percent] [regenerate]

The issue is when the first time i did the "cr ca enroll ..." i had to enter a password that was generated from the CA server and it worked properly, but was done manually.

but when the certificate expires and the automatic enrollment takes place, will a new password be required?

and if yes, how will it be entered automatically?



Re: Configuring Auto-enrollment on a router

Tipically the password that the CA gives to you is dynamically and has a lifetime I believe around 5 minutes, in this case you would need to enter the password manually once the router is about to re enroll itself to the CA. In the case where the CA generates a password which never changes then I believe you have the option on the trustpoint to define the password you would like to use.

New Member

Re: Configuring Auto-enrollment on a router

Hi again

The password generated by the CA server is exactly as u said, its lifetime is for 5 minutes.

So how can i make the router to auto-enroll without any manual intervention.

Can we change the settings in the CA server password generation so it would never change?

Re: Configuring Auto-enrollment on a router

That I am not sure..I know you can change it to avoid using password but I am not sure if it will keep the same password over and over... at this point I believe your option are either enter the password every time (not automatic) or disable password on the CA (enrollment automatic)

New Member

Re: Configuring Auto-enrollment on a router


do u know how to disable password on the CA (enrollment automatic)????


Re: Configuring Auto-enrollment on a router

You need to access your MS CA certificates console via Administrative Tools > CA, in there you need to right click over your CA certificate and select properties from here I am not quite sure where exactly will you go but there is an option for disabling pass phrase. If this is not like that then you need to re install your CA.

CreatePlease to create content