Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module

crypto pki enroll

To request a certificate for the trustpoint, use the crypto pki enroll command.

crypto pki enroll trustpoint-label

Syntax Description

trustpoint-label    Name of the trustpoint label.

Defaults

This command has no default settings.

Command Modes

Global configuration

Command History

Release                      Modification
WebVPN Module Release 1.1    Support for this command was introduced on the Catalyst 6500 series switches.

Usage Guidelines

The trustpoint-label argument is case-sensitive.

You must obtain a signed certificate from the certificate authority for each trustpoint.

You have the option to create a challenge password that is not saved with the configuration. This password is required if your certificate needs to be revoked, so you must remember this password.

Note: If your module or switch reboots after you have entered the crypto pki enroll command, but before you have received the certificates, you must reenter the command and notify the certificate authority administrator.

Examples

This example shows how to request a certificate:

webvpn(config)# crypto pki enroll PROXY1
%
%Start certificate enrollment..
%The subject name in the certificate will be: C=US; ST=California; L=San Jose; O=Cisco; OU=Lab; CN=host1.cisco.com
%The subject name in the certificate will be: host.cisco.com
%The serial number in the certificate will be: 00000000
%The IP address in the certificate is 10.0.0.1
%Certificate request sent to Certificate Authority
%The certificate request fingerprint will be displayed.
%The 'show crypto pki certificate' command will also show the fingerprint.
Fingerprint: 470DE382 65D8156B 0F84C2AF 4538B913
webvpn(config)# end
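
The fingerprint printed at the end of this output lets the certificate authority administrator confirm that the request received is the one the module sent. The following Python example is added here and is not part of the Cisco command reference; it assumes the fingerprint is an MD5 digest of the DER-encoded PKCS #10 request, and the function names and the stand-in request bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# Constructed console capture, in the format of the example output above.
CONSOLE = """\
%Certificate request sent to Certificate Authority
%The certificate request fingerprint will be displayed.
%The 'show crypto pki certificate' command will also show the fingerprint.
Fingerprint: 470DE382 65D8156B 0F84C2AF 4538B913
"""

# Constructed stand-in bytes, NOT a real PKCS #10 request; use the PEM the CA received.
SAMPLE_DER = bytes(range(64))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE REQUEST-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE REQUEST-----\n")

def console_fingerprint(text):
    """Extract the 128-bit fingerprint from enrollment output as 32 hex digits."""
    m = re.search(r"Fingerprint:\s*((?:[0-9A-Fa-f]{8}\s*){4})", text)
    if not m:
        raise ValueError("no 128-bit fingerprint found in console output")
    return re.sub(r"\s+", "", m.group(1)).upper()

def pem_to_der(pem):
    """Strip the PEM armor lines and base64-decode the body."""
    body = [ln for ln in pem.strip().splitlines() if ln and not ln.startswith("-----")]
    return base64.b64decode("".join(body), validate=True)

def request_fingerprint(pem):
    """Assumption: the fingerprint is MD5 over the DER-encoded request."""
    return hashlib.md5(pem_to_der(pem)).hexdigest().upper()

def grouped(fp):
    """Format hex digits in the console's style: groups of eight."""
    return " ".join(fp[i:i + 8] for i in range(0, len(fp), 8))

def request_matches(console_text, pem):
    """True only if the console fingerprint equals the one computed from the PEM."""
    return hmac.compare_digest(console_fingerprint(console_text), request_fingerprint(pem))

if __name__ == "__main__":
    print("console :", grouped(console_fingerprint(CONSOLE)))
    print("received:", grouped(request_fingerprint(SAMPLE_PEM)))
    print("match   :", request_matches(CONSOLE, SAMPLE_PEM))  # stand-in bytes: no match
```

A mismatch means the request the CA holds is not the one the module generated, and it should not be signed until the two values agree.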

Catalyst 6500 Series Switch WebVPN Module Command Reference—Release 1.1

OL-7310-01

 

 
