Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module
crypto pki trustpoint
Table
Command | Purpose and Guidelines | Defaults |
|
|
|
| (Optional) Configures the host name of the |
|
| WebVPN gateway. |
|
|
|
|
usage {ike | (Optional) Specifies the intended use for the |
|
| certificate. |
|
|
|
|
vrf vrf | Name of the VPN routing and forwarding instance |
|
| (VRF) to use for enrollment and obtaining CRLs. |
|
|
|
|
You should declare one trustpoint to be used by the module for each certificate.
The
When you specify the IP address of the WebVPN gateway that will use this certificate, some web browsers compare the IP address in the SSL server certificate with the IP address that might appear in the URL. If the IP addresses do not match, the browser may display a dialog box and ask the client to accept or reject this certificate.
When specifying the
•The
•Arguments specified in the subject name must be enclosed in quotation marks if they contain a comma. For example, O=“Cisco, Inc.”
•Some browsers compare the common name (CN) field of the subject name in the SSL server certificate with the hostname that might appear in the URL. If the names do not match, the browser may display a dialog box and ask the client to accept or reject the certificate. Also, some browsers will reject the SSL session setup and close the session if the CN field is not defined in the certificate.
Examples | This example shows how to declare the trustpoint PROXY1 and verify connectivity: |
| webvpn(config)# crypto pki trustpoint PROXY1 |
| |
| |
| |
| |
| |
| |
| CN=host1.cisco.com |
| |
| webvpn# ping example.cisco.com |
| Type escape sequence to abort. |
| Sending 5, |
| !!!!! |
| Success rate is 100 percent (5/5), |
| webvpn# |
Catalyst 6500 Series Switch WebVPN Module Command
| ||
|
