Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
Chapter 19 Public Key Infrastructure
Certificate Wizards
After the wizard completes and the commands are delivered to the router, Cisco
SDM attempts to contact the CA server. If the CA server is contacted, Cisco SDM
displays a message window with the server’s digital certificate.
Certificate Authority (CA) Information
Provide information to identify the CA server in this window. Also specify a
challenge password that will be sent along with the request.
Note The information you enter in this screen is used to generate a trustpoint. The
trustpoint is generated with a default revocation check method of CRL. If you are
editing an existing trustpoint with the SCEP wizard, and a revocation method
different from CRL, such as OCSP, already exists under the trustpoint, Cisco
SDM will not modify it. If you need to change the revocation method, go to the
Router Certificates window, select the trustpoint you configured, and click the
Check Revocation button.

CA server nickname

The CA server nickname is an identifier for the trustpoint you are configuring.
Enter a name that will help you identify one trustpoint from another.

Enrollment URL

If you are completing an SCEP enrollment, you must enter the enrollment URL
for the CA server in this field. For example,
http://CAuthority/enrollment
The URL must begin with the characters http://. Be sure there is connectivity
between the router and the CA server before beginning the enrollment process.
This field does not appear if you are completing a cut-and-paste enrollment.
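
To confirm which revocation method and enrollment URL each trustpoint actually ended up with, as described in the Note and the Enrollment URL field above, the following added example (not part of the original guide and not Cisco SDM code) audits a saved router configuration. It assumes standard IOS CLI syntax (crypto pki trustpoint, enrollment url, revocation-check); the sample configuration, the trustpoint names and the host labca.example are constructed for illustration.

```python
import re

# Constructed sample of a saved router configuration (not from the guide).
# Assumes standard IOS CLI syntax; trustpoint names and labca.example are made up.
SAMPLE_CONFIG = """\
crypto pki trustpoint BranchCA
 enrollment url http://CAuthority/enrollment
 revocation-check crl
!
crypto pki trustpoint LabCA
 enrollment url http://labca.example/enrollment
 revocation-check ocsp
!
crypto pki trustpoint PasteCA
 enrollment terminal
 revocation-check none
!
interface FastEthernet0/0
"""

def audit_trustpoints(config):
    """Return {name: {"url", "revocation", "notes"}} for each trustpoint block."""
    result, current = {}, None
    for line in config.splitlines():
        m = re.match(r"crypto (?:pki|ca) trustpoint (\S+)", line)
        if m:
            current = result.setdefault(m.group(1), {"url": None, "revocation": [], "notes": []})
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the trustpoint block
        elif current is not None:
            words = line.split()
            if words[:2] == ["enrollment", "url"] and len(words) > 2:
                current["url"] = words[2]
            elif words[:1] == ["revocation-check"]:
                current["revocation"] = words[1:]  # ordered list of methods
    for tp in result.values():
        if tp["url"] and not tp["url"].startswith("http://"):
            tp["notes"].append("enrollment URL does not begin with http://")
        if not tp["revocation"]:
            tp["notes"].append("no revocation-check line found")
        elif tp["revocation"] != ["crl"]:
            tp["notes"].append("method differs from the wizard default (crl): " + " ".join(tp["revocation"]))
        if "none" in tp["revocation"]:
            tp["notes"].append("'none' listed: certificates can be accepted without a revocation check")
    return result

if __name__ == "__main__":
    for name, tp in audit_trustpoints(SAMPLE_CONFIG).items():
        print(name, tp["url"], tp["revocation"], tp["notes"])
```
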

Challenge Password and Confirm Challenge Password

A challenge password can be sent to the CA for you to use if you ever need to
revoke the certificate. It is recommended that you enter one, as some CA servers do
not issue certificates if the challenge password is blank. If you want to use a