Cisco Support Community
Community Member

IOS CA with offline root and multiple subordinates

Does anyone have specific experience with setting up an offline root CA with multiple subordinates issuing certs to routers for VPN authentication? I'm working on setting this up for testing and the documentation does not clearly state if I can have certificates on 2 devices, issued by different subordinates of the same root and have trust between them for authentication.

Thanks in advance,

Mark

1 REPLY
Community Member

Re: IOS CA with offline root and multiple subordinates

After testing and going over the documentation again, it looks like the answer is to configure a root (online) with multiple RAs (registration authorities) below it. In initial testing, certs still needed to be granted at the root server, but hopefully this helps anyone looking to do a large-scale PKI rollout.

Mark
