Cisco Support Community

How to setup PKI CA Server and client "how to" document

After a long time, many documents and even many more Internet web searches, I have figured out how to set up Cisco PKI CA server and clients.

I have this documented STEP-BY-STEP.

I start off with Crypto preshared-keys and then migrate to RSA-Signatures.

Step-by-step guide.

Before I waste your time posting it, just wanted to ensure someone would find this useful.

If you would like this document, drop me a note here and I'll paste it in.

Thanks for all the help each of you has provided.

This is my attempt to give back!!!

Tks

Frank

This is the first page.

BTW, no charge.

OBJECTIVE: R1 as PKI CA Server and Client and R2 as PKI Client

This setup starts with two Cisco routers configured with pre-shared keys. The link is a single broadcast domain, no tunnels or Telcos or Internet clouds involved. Once communication is tested and verified with pre-shared keys, migration to PKI RSA-Signatures is provided.

Router-1 will be set up as a PKI CA server; the PKI CA server validates and grants certificates. Router-1 will also be set up as a PKI client and receives its certificates from the PKI CA server, which just happens to be the same physical router, Router-1. Router-2 is set up as a PKI client and receives its certificates from the PKI CA server, Router-1.

In case you haven’t figured this out, there are only 2 routers and a single cat-5 Ethernet cable involved here and nothing else except IOS c2800nm-advsecurityk9-mz.151-2.T1.bin.

If you don’t want to have an operational setup using pre-shared keys to validate configurations along the way, just skip to the configuring PKI CA server section and follow the step by step CLI directions and provided output.

If you want to run through the setup of a PKI client a second time, we clear router-2 and start over with different values. This is demonstrated following the successful setup of the PKI CA server and PKI clients.

If you just want the quick list of CLI commands for setting up basic PKI between two Cisco routers jump to the very end.

Last updated October 28, 2010
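
The migration outlined in the post above, from pre-shared keys to RSA signatures with Router-1 as both CA server and client, sketched as an added IOS configuration example. It is not Frank's document: the addresses 10.0.0.1 (R1) and 10.0.0.2 (R2), the names R1-CA, CA-TP, R1-KEY and R2-KEY, and policy number 10 are assumptions, and the pre-shared key is a placeholder.

```cisco
! == Starting point on both routers: IKE authenticated with a pre-shared key ==
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key <PLACEHOLDER-KEY> address 10.0.0.2
! (R2 carries the mirror-image line with address 10.0.0.1)
!
! == R1, global config: CA server ==
! Set the clock first; certificate validity depends on it.
! Enrollment (SCEP) is served by the router's HTTP server.
ip http server
crypto pki server R1-CA
 issuer-name CN=R1-CA
 no shutdown
! "no shutdown" prompts for a passphrase protecting the CA private key.
! No "grant auto" here: requests wait until an operator approves them.
!
! == R1 and R2, global config: client trustpoint pointing at the CA on R1 ==
crypto pki trustpoint CA-TP
 enrollment url http://10.0.0.1:80
 subject-name CN=R2
 rsakeypair R2-KEY 2048
! (on R1 use CN=R1 and R1-KEY)
!
! Fetch the CA certificate. Compare the fingerprint shown with the one
! R1 reports in "show crypto pki server" before accepting it.
crypto pki authenticate CA-TP
! Submit the certificate request.
crypto pki enroll CA-TP
!
! == R1, exec mode: review pending requests, then grant them ==
crypto pki server R1-CA info requests
crypto pki server R1-CA grant all
!
! == Both routers, once each holds its certificate: switch IKE to RSA signatures ==
crypto isakmp policy 10
 authentication rsa-sig
no crypto isakmp key <PLACEHOLDER-KEY> address 10.0.0.2
!
! == Verify (exec mode) ==
show crypto pki certificates
show crypto isakmp sa
```

Leaving the old `crypto isakmp key` line in place after the switch keeps a second, weaker credential configured, so remove it on both routers once the RSA-signature session is confirmed.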

1 REPLY
Cisco Employee

Re: How to setup PKI CA Server and client "how to" document

Frank,

It looks like people might benefit from this. I can't promise it will be the most read document on the forums but it's definitely something others might use.

Before posting I'd strongly suggest to make sure you utilize formatting and provide some structure.

In the case of a document like this I'd stick to the following structure (attached below) - this is one of the templates we're encouraged to use.

If you have your observations or something you'd recommend (and why!), I'd leave it to a blog post.

Marcin

Introduction

This document provides a sample configuration for ... (this introduction should provide a description of the subject matter and any contextual information describing a real-world scenario in which this information might be used).

Prerequisites

Requirements

There are no specific requirements for this document.

OR

Ensure that you meet these requirements before you attempt this configuration:

Components Used

Configure

This section describes the information you need to configure the features described in this document.

Network Diagram

This document uses this network setup:

Configurations

This document uses these configurations:

Verify

Use this section to confirm that your configuration works properly.
