Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module

crypto pki trustpoint

Table 2-1 Certificate-Authority Trustpoint Submode Commands (continued)

Columns: Command; Purpose and Guidelines; Defaults (listed only where the table gives one)

match certificate map_name [map override skip]
    Associates a certificate-based access control list (ACL) defined with the crypto pki certificate map command.
    map_name—Matches the map_name argument specified in a previously defined crypto pki certificate map map_name command.
    allow—Allows expired certificates to be accepted.
    override—Overrides fields in a certificate.
    skip—Skips a certificate validity check.

no
    Negates a command or sets its defaults.

ocsp url url
    Enters Online Certificate Status Protocol (OCSP) parameters.
    url—All certificates associated with a configured trustpoint will be checked by the OCSP server at the specified HTTP URL.

password password
    (Optional) Configures a challenge password.

primary
    Specifies the trustpoint as primary.

query certificate
    Turns on query mode per specified trustpoint, causing certificates not to be stored locally and to be retrieved from a remote server.

rsakeypair key-label
    Specifies the key pair to associate with the certificate.

regenerate
    Regenerates keys on reenrollment.

revocation-check {crl | none | ocsp}
    (Optional) Specifies how this trustpoint looks up a certificate revocation list when validating a certificate associated with this trustpoint.
    crl—Revocation check by CRL.
    none—Ignore revocation check.
    ocsp—Revocation check by OCSP.

root tftp hostname filename
    Defines the TFTP protocol to get the root certificate of a given certification authority. This command enables an authenticated root certificate to be stored as a file on the TFTP server.

serial-number [none]
    Specifies whether or not to include the serial number.
    Default: Not included

show
    Shows this router trustpoint.

source interface interface-name
    Specifies the address of an interface to be used as the source address for all outgoing TCP connections associated with a trustpoint.
    interface-name—Interface address to be used as the source address.
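As an added example (not from the Cisco reference), a small Python audit of the trustpoint submode settings described in Table 2-1: it parses crypto pki trustpoint blocks out of running-config text and reports settings that weaken certificate validation (revocation-check none, match certificate ... skip or allow, a challenge password present, and revocation-check ocsp with no ocsp url set in the trustpoint). The configuration text, trustpoint names, map name and URL are constructed placeholders.

```python
import re
from typing import Dict, List

# Constructed sample running-config excerpt using the Table 2-1 commands.
# Names and the OCSP URL are placeholders, not values from a real device.
SAMPLE_CONFIG = """\
crypto pki trustpoint CA-WEAK
 revocation-check none
 match certificate vpn-users skip
 password Cisco123
!
crypto pki trustpoint CA-GOOD
 revocation-check ocsp
 ocsp url http://ocsp.example.test/
 match certificate vpn-users
 source interface Vlan10
!
"""


def parse_trustpoints(config: str) -> Dict[str, List[str]]:
    """Return {trustpoint_name: [submode lines]} from config text."""
    blocks: Dict[str, List[str]] = {}
    current = None
    for raw in config.splitlines():
        m = re.match(r"^crypto pki trustpoint (\S+)", raw)
        if m:
            current = m.group(1)
            blocks[current] = []
        elif current is not None and raw.startswith(" "):
            blocks[current].append(raw.strip())  # indented submode line
        else:
            current = None  # "!" or any top-level line ends the block
    return blocks


def audit_trustpoint(lines: List[str]) -> List[str]:
    """Flag settings in one trustpoint that weaken certificate validation."""
    findings: List[str] = []
    has_ocsp_url = any(l.startswith("ocsp url ") for l in lines)
    for l in lines:
        tokens = l.split()
        if l == "revocation-check none":
            findings.append("revocation-check none: revocation status is ignored")
        elif l.startswith("revocation-check") and "ocsp" in tokens and not has_ocsp_url:
            findings.append("revocation-check ocsp: no ocsp url set in this trustpoint")
        if tokens[:2] == ["match", "certificate"] and "skip" in tokens[3:]:
            findings.append(f"{l}: validity check skipped for matching certificates")
        if tokens[:2] == ["match", "certificate"] and "allow" in tokens[3:]:
            findings.append(f"{l}: expired certificates accepted")
        if tokens[:1] == ["password"]:
            findings.append("password: challenge password present in configuration")
    return findings


def audit_config(config: str) -> Dict[str, List[str]]:
    """Audit every trustpoint block; empty list means nothing flagged."""
    return {name: audit_trustpoint(ls) for name, ls in parse_trustpoints(config).items()}
```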

Catalyst 6500 Series Switch WebVPN Module Command Reference—Release 1.1
OL-7310-01
2-29