Manuals / Cisco Systems / Computer Equipment / Switch

Cisco Systems 6500 manual Crypto pki authenticate trustpoint-label

Models: 6500

1 112

Download 112 pages 18.84 Kb

Page 13

Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module

crypto pki authenticate

crypto pki authenticate

To obtain the certificate that contains the public key of the certificate authority, use the crypto pki authenticate command.

crypto pki authenticate trustpoint-label

Syntax Description		trustpoint-label	Name of the trustpoint label.

Defaults		This command has no default settings.

Command Modes

Command History

Global configuration

Release	Modification
WebVPN Module	Support for this command was introduced on the Catalyst 6500 series
Release 1.1	switches.

Usage Guidelines The trustpoint-labelargument is case-sensitive.

For each trustpoint, you must obtain a certificate that contains the public key of the certificate authority; multiple trustpoints can use the same certificate authority.

Note Contact the certificate authority to obtain the correct fingerprint of the certificate and verify the fingerprint displayed on the console.

Examples

This example shows how to obtain the certificate of the certificate authority:

webvpn(config)# crypto pki authenticate PROXY1 Certificate has the following attributes: Fingerprint: A8D09689 74FB6587 02BFE0DC 2200B38A

%Do you accept this certificate? [yes/no]: y Trustpoint CA certificate accepted. webvpn(config)# end

webvpn#

Catalyst 6500 Series Switch WebVPN Module Command Reference—Release 1.1

	OL-7310-01	2-13

Image 13

Cisco Systems 6500 manual Crypto pki authenticate trustpoint-label

Contents

Commands for the Catalyst 6500 Series Switch WebVPN Module Command Modes Command History DefaultsClear webvpn nbns Release ModificationClear webvpn platform Webvpn# clear webvpn platform Clears the statistics for a specific context Clear webvpn sessionUser name Specifies the user nameCifs Clear webvpn statsMangle Port-forwardTerminal Crypto key export rsa pemUrl url 3desKey nametest-keys UsageGeneral Purpose Key General-keys Crypto key generateUsage-keys ExportableThis example shows how to generate general-purpose RSA keys This example shows how to generate special-usage RSA keysCrypto key generate rsa usage-keys Release Modification Crypto key import rsa pemPEM-formatted RSA key to the WebVPN Services Module Crypto pki authenticate trustpoint-label Crypto pki authenticateCrypto pki certificate Defaults Command Modes Command History Usage GuidelinesCrypto pki crl request Wwbvpnconfig# crypto pki crl requestCrypto pki crl request name Webvpnconfig# crypto pki enroll PROXY1 This example shows how to request a certificateCrypto pki enroll Crypto pki enroll trustpoint-labelCrypto pki export pem Related Commands crypto pki import pem Crypto pki export pkcs12 Wwbvpnconfig# crypto ca export TP1 pkcs12 scp sky is blue This example shows how to export a PKCS12 file using SCPInclude the full path in the pkcs12filename value PKCS12 fileCrypto pki import pem Usage Guidelines Examples Related Commands crypto pki export pemCrypto pki import pkcs12 Users/admin-1/pkcs12/TP2.p12 This example shows how to import a PKCS12 file using SCPCrypto pki profile enrollment Webvpnconfig# crypto pki profile enrollment testCrypto pki profile enrollment label Crypto pki trustpoint Command Purpose and Guidelines Defaults Period minutes-1 Enrollment http-proxymode ra retryPeriod minutes count count url url Count count-10Password password Certificate map mapname commandMatch certificate mapname map override SkipUsage ike ssl-client ssl-server Subject-name lineVrf vrf Debug webvpn Trace module module- FDU trace Event app next-hop tcp-Event debuggingCert- Certificate management Ca-pool- CA PoolEvents- Events This example shows how to turn on tunnel debugging Usage Guidelines Nbns-list name no nbns-list name Nbns-listNbns-server ipaddr Master timeoutExit Banner value string Policy groupFilter tunnel ip-acl Timeout idle Functions file-accessHide-url-bar Nbns-list nameWebvpnconfig-webvpn-group#svc address-pool ciscotunlpool Webvpnconfig# webvpn context ciscoSpecifies the default local port valid values are from 1 to Default local-portPort-forward Port-forward listname no port-forward listnameWebvpn context Related Commands url-listShow webvpn context name Show webvpn contextWebvpn# show web context tunnel Show webvpn dispatch algorithm member stats Show webvpn dispatchAlgorithm MemberSslvpn CLB Member Table Show webvpn gateway Webvpn# show webvpn gateway s1 Admin Status upShow webvpn gateway name Webvpn# show webvpn gatewayFile Show webvpn installCsd StatusWebvpn# show web install file \webvpn\stc\version.txt Show webvpn nbns context name all Show webvpn nbnsAll Show web nbns context allShow webvpn-platform buffers module module Show webvpn platform buffersShow webvpn-platform buffers module all Show webvpn platform context name module module Show webvpn platform contextWebvpn# show webvpn platform context tunnel OL-7310-01 Show webvpn platform crash-info brief details Show webvpn platform crash-infoBrief DetailsNvram Version This Core Didnt Crash Show webvpn platform gateway name debug module module Show webvpn platform gatewayDebug Module moduleVlan ID Show webvpn platform mac address This command has no default settingsShow webvpn platform mac address ModuleShow webvpn platform policy ssl tcp name Show webvpn platform policySsl TcpShow webvpn platform version Show webvpn platform versionWebvpn# show webvpn platform version Show webvpn platform vlan vlan-id Show webvpn platform vlanWebvpn# show webvpn platform vlan Show webvpn policy Related Commands webvpn policy sslGroup name Context name TcpContext name Show webvpn sessionUser name Webvpn# show webvpn session context c1Show webvpn stats type Show webvpn statsWebvpn# show webvpn stats Mangling statistics Relative urls 15705 Absolute urls 41850 DPD Page TCP VCs Active VCs Aborted Conns Webvpn# show web stats context tunnel DPD Snmp-server enable This example shows how to enable traps This example shows how to enable Snmp informsThis example shows how to enable authentication traps Command History Release Modification Command Modes WebVPN group context submodeSvc Dns-server primary secondaryCommand Purpose and Guidelines Default No rekey method Rekey method new-tunnel sslRekey time interval No rekey timeUrl-list listname no url-list listname Url-listHeading text Url-text text url-value url/exchageRelated Commands webvpn context Specifies AAA configuration parameters for context Aaa authentication domain domain-listDefault-group-policy default-policy-name Webvpn contextLogin-message string InserviceNo login-message Password-prompt promptAuthenticate verify -Specifies the SSL Ssl authenticate verify all nonePolicy group policy-name Policy ssl policy-nameVrf-name vrf-name Url-list listnameColor Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Color Name Webvpnconfig-webvpn-context# url-list cisco 100 Webvpn gateway No policy tcp SecondaryNo policy ssl Webvpnconfig-webvpn-gateway#ip address 172.21.65.71 port Webvpnconfig# webvpn gateway commonContext and enter the gateway submode Webvpn policy ssl Timeout handshake timeout No session-cache enableTimeout session timeout absolute HelpThis example shows how to disable session-cache This example shows how to enable session-cacheWwbvpnconfig# webvpn policy ssl sslpl1 Wwbvpnconfig-ssl-policy#cipher RSAWITH3DESEDECBCSHARelated Commands show webvpn stats This example shows how to print out a helpWwbvpnconfig-ssl-policy#timeout session 30000 absolute Timeout reassembly is 60 seconds Tos carryover is disabled Timeout syn is 75 secondsDefault Exit Webvpn policy tcpDelay-ack-timeout Delayed-ack-thresholdNo timeout fin-wait timeout-in-seconds No timeout inactivity timeout-in-secondsForm of this command to return to the default setting No timeout reassembly timeNo tos carryover Server to client connection, the server connection must be111 112