
Thursday, September 9, 2010

Configure Router to be the CA Server

Configure the router to be a CA server that automatically grants certificates, using the following parameters:

RSA key size: 512 Bits
Key Label: CA-CCIE
Any Passphrase: CCIESEC3
Encryption: 3DES
Key Location: NVRAM
Issuer Name: CN=CA-CCIE.Cisco.com L=ND C=IN

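IOS SERVER CONFIGURATION:
Note: Ensure the router's clock is synchronized with all other routers.
!
ip domain-name cisco.com
!
! modulus 512 sets the RSA key size required above
crypto key generate rsa general-keys label CA-CCIE exportable modulus 512
! export the key pair to NVRAM, encrypted with 3DES and the passphrase
crypto key export rsa CA-CCIE pem url nvram: 3des CCIESEC3
!
! SCEP enrollment requests reach the CA through the HTTP server
ip http server
!
crypto pki server CA-CCIE
 database url nvram:
 issuer-name CN=CA-CCIE.Cisco.com L=ND C=IN
 grant auto
 no shut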

ENROLL A ROUTER (client) TO CA SERVER

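!
ip domain-name cisco.com
!
crypto key generate rsa
!
crypto ca trustpoint CA-CCIE
 enrollment url http://150.1.5.5:80
 revocation-check none
!
! fetch and accept the CA certificate
crypto ca authenticate CA-CCIE
!
! request this router's certificate; the prompts ask for a challenge password
crypto ca enroll CA-CCIE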
password:CCIESEC3
re-enter password:CCIESEC3
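
An added example, not part of the original post: a short Python check that scans an IOS configuration script like the two above and reports the settings that fit this lab task but are normally reviewed before production use (a small RSA modulus, grant auto, and revocation-check none). The sample text is constructed from the commands on this page; the audit function name and the 2048-bit threshold are assumptions.

```python
import re

# Constructed sample built from the commands on this page, with the
# 512-bit key size written out as an explicit modulus.
SAMPLE = """\
ip domain-name cisco.com
crypto key generate rsa general-keys label CA-CCIE exportable modulus 512
ip http server
crypto pki server CA-CCIE
 database url nvram:
 issuer-name CN=CA-CCIE.Cisco.com L=ND C=IN
 grant auto
 no shut
crypto ca trustpoint CA-CCIE
 enrollment url http://150.1.5.5:80
 revocation-check none
"""

MIN_RSA_BITS = 2048  # assumed policy threshold, not a value from the page


def audit(config):
    """Return (line_no, section, finding) for each weak PKI setting."""
    findings, section = [], ""
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # an unindented line opens a new section
            section = line
        bits = re.search(r"\bmodulus (\d+)", line)
        if (line.startswith("crypto key generate rsa") and bits
                and int(bits.group(1)) < MIN_RSA_BITS):
            findings.append((no, section, f"RSA modulus {bits.group(1)} is below {MIN_RSA_BITS}"))
        elif section.startswith("crypto pki server") and line == "grant auto":
            findings.append((no, section, "certificates are issued without operator approval"))
        elif (re.match(r"crypto (ca|pki) trustpoint ", section)
                and line == "revocation-check none"):
            findings.append((no, section, "peer certificates are never checked for revocation"))
    return findings


if __name__ == "__main__":
    for no, section, finding in audit(SAMPLE):
        print(f"line {no}: [{section}] {finding}")
```

Section tracking relies on sub-commands being indented under their parent line, as they are in IOS configuration output.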

DOC-CD
Technology
+ Security and VPN
+ IPSec Negotiation/IKE Protocols
+ Configuration Examples and TechNotes
+ Dynamic LAN-to-LAN VPN between Cisco IOS Routers Using IOS CA on the Hub Configuration Example

