Cisco Support Community
New Member

What is a PKI Trustpoint

Hi Guys,

What actually is a trustpoint?  And its definition?

I am new to IOS PKI

Many thanks

Ken

Accepted Solution
Cisco Employee

Re: What is a PKI Trustpoint

A trustpoint is basically a certificate authority that you trust, and it is called a trustpoint because you implicitly trust this authority. The idea is that by trusting a given self-signed certificate, your PKI system will automatically trust any other certificates signed with that trusted certificate.
A trustpoint certificate is a self-signed certificate, hence the name trustpoint, since it does not rely on the trust of anyone else or of any other party.

Cisco IOS public key infrastructure (PKI) provides certificate management to support security protocols such as IP Security (IPSec), secure shell (SSH), and secure socket layer (SSL).

A PKI is composed of the following entities:

Peers communicating on a secure network

At least one certification authority (CA) that grants and maintains certificates

Digital certificates, which contain information such as the certificate validity period, peer identity information, encryption keys that are used for secure communications, and the signature of the issuing CA

An optional registration authority (RA) to offload the CA by processing enrollment requests

A distribution mechanism (such as Lightweight Directory Access Protocol [LDAP] or HTTP) for certificate revocation lists (CRLs).

https://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_cert_enroll_pki_ps6350_TSD_Products_Configuration_Guide_Chapter.html

Thanks & Regards,

Anshul
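To make the answer above concrete, here is an added example (not part of the original post or of Cisco's documentation) of what a trustpoint looks like in IOS configuration: the trustpoint is declared, the CA certificate is downloaded and pinned as the trust anchor, and the router then enrolls for its own certificate from that CA. The CA URL, the trustpoint name CORP-CA, the subject name, the RSA key label and the fingerprint value are assumed placeholders; replace them with your own. The point a practitioner should not skip is the fingerprint line: without an out-of-band check of the CA certificate's fingerprint, the authenticate step trusts whatever certificate the enrollment URL returns.

```cisco
! Added example, not from the original post. All names, URLs and the
! fingerprint value are assumed placeholders for illustration.

! 1. Generate the key pair the router's own certificate will bind to.
crypto key generate rsa label ROUTER-KEY modulus 2048

! 2. Declare the trustpoint: the CA this router is going to trust.
crypto pki trustpoint CORP-CA
 ! SCEP enrollment endpoint of the CA (assumed address)
 enrollment url http://ca.example.com:80
 ! Identity to request in the router's own certificate (assumed)
 subject-name CN=rtr1.example.com,O=Example
 rsakeypair ROUTER-KEY
 ! Check peer certificates against the CA's CRL before accepting them
 revocation-check crl
 ! Expected fingerprint of the CA certificate, obtained out of band
 ! (placeholder value). If the downloaded CA certificate does not match,
 ! "crypto pki authenticate" rejects it instead of installing it.
 fingerprint 0123456789ABCDEF0123456789ABCDEF01234567
 exit

! 3. Authenticate the trustpoint: fetch the CA certificate and install it
!    as the trust anchor. This is the step where "trust" is established;
!    from now on, certificates that chain to CORP-CA are accepted
!    (subject to validity period and revocation checking).
crypto pki authenticate CORP-CA

! 4. Enroll: send a certificate request to the CA and install the
!    certificate it issues for this router.
crypto pki enroll CORP-CA

! 5. Verify what the router now trusts and what it holds.
show crypto pki trustpoints
show crypto pki certificates CORP-CA
```

After step 3, `show crypto pki certificates CORP-CA` lists the CA certificate under the trustpoint; after step 4 it also lists the router's own certificate, which is what IPsec (IKE) or SSL peers will be shown. If `revocation-check` is left at `crl` and the CRL distribution point is unreachable, certificate validation fails closed, so make sure the router can reach the CRL location listed in the CA certificate (or deliberately choose `revocation-check none` and understand what that gives up).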
