Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

SOHO91 x.509 certificates

I would like to know if it possible to use X.509 certificates on a SOHO91 Cisco router running soho91-k9oy6-mz.123-4.T IOS to establish a IPSec tunnel with a Cisco 7200 already configured and working with IPSEC 3des.

I've already use these kind of certs with a lot of other models but it seems on this model it is not possible to enable ISAKMP key exchange ( for ex. it's not possible to remove "no crypto isakmp enable" from configuration) and I cannot found the "crypto ca identity XXX" command and the following commands related to that.

Usually, on the other models, after generating RSA keys, I use this configuration before to authenticate CA server and enroll certificate.


ip host OpenSCEP xxx.yyy.www.zzz


crypto ca identity CA

enrollment url http://OpenSCEP:80

crl optional


I looked in the web site at Cisco Features Navigator before to buy it and that feature was included.

Any suggestion about how to retrive certificate in another way or other IOS to use will be appreciate.

Thanks in advance for your attention

and Best Regards


Re: SOHO91 x.509 certificates

Hi luponec,

instead of "crypto ca identity NAME" you can try "crypto ca trustpoint NAME".

This command changed in a certain ios release, don't know by heart which one.



New Member

Re: SOHO91 x.509 certificates

the problem was that there's not "ca" command after crypto.

I solved changing router model. TNX anyway