Thursday, September 9, 2010

Configure Router to be the CA Server

Configure the router to be a CA server that automatically grants certificates, using the following parameters:

RSA key size: 512 Bits
Key Label: CA-CCIE
Any Passphrase: CCIESEC3
Encryption: 3DES
Key Location: NVRAM
Issuer Name: CN=CA-CCIE.Cisco.com L=ND C=IN

IOS SERVER CONFIGURATION:
Note: Ensure the router's clock is in sync with all the other routers.
!
ip domain-name cisco.com
!
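! when prompted for the modulus, enter 512 (the key size given above)
crypto key generate rsa general-keys label CA-CCIE exportable
! export the key pair to NVRAM as PEM, 3DES-encrypted with the passphrase
crypto key export rsa CA-CCIE pem url nvram: 3des CCIESEC3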
!
ip http server
!
crypto pki server CA-CCIE
database url nvram:
issuer-name CN=CA-CCIE.Cisco.com L=ND C=IN
grant auto
no shut

ENROLL A ROUTER (client) TO CA SERVER

!
ip domain-name cisco.com
!
crypto key generate rsa
!
crypto ca trustpoint CA-CCIE
enrollment url http://150.1.5.5:80
revocation-check none
!
crypto ca authenticate CA-CCIE
!
crypto ca enroll CA-CCIE
password:CCIESEC3
re-enter password:CCIESEC3
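
As an added example (not part of the original post or of Cisco's documentation), a short Python check that flags the settings in the configurations above that trade security for lab convenience: automatic granting, disabled revocation checking, an exportable key and a short RSA modulus. The rule names, the 2048-bit floor and the sample text with the modulus written inline are assumptions of this example.

```python
import re

# Constructed sample: settings from the post, with the 512-bit modulus written
# inline instead of being entered at the prompt (assumption of this example).
SAMPLE_CONFIG = """\
crypto key generate rsa general-keys label CA-CCIE exportable modulus 512
ip http server
crypto pki server CA-CCIE
 database url nvram:
 grant auto
crypto ca trustpoint CA-CCIE
 enrollment url http://150.1.5.5:80
 revocation-check none
"""

MIN_MODULUS = 2048  # assumed policy floor, not a value from the post

# (rule id, pattern, explanation); rule ids are hypothetical names for this example
RULES = [
    ("auto-grant", r"^\s*grant auto\b",
     "CA signs every request without operator approval"),
    ("no-revocation", r"^\s*revocation-check none\b",
     "peer never checks whether a certificate was revoked"),
    ("exportable-key", r"^\s*crypto key generate rsa\b.*\bexportable\b",
     "private key can be exported from the device"),
]

def audit(config: str) -> list[tuple[int, str, str]]:
    """Return (line number, rule id, explanation) for each risky PKI line."""
    findings = []
    for num, line in enumerate(config.splitlines(), start=1):
        for rule_id, pattern, why in RULES:
            if re.search(pattern, line):
                findings.append((num, rule_id, why))
        # Key size is only visible when the modulus keyword is on the line.
        m = re.search(r"^\s*crypto key generate rsa\b.*\bmodulus (\d+)", line)
        if m and int(m.group(1)) < MIN_MODULUS:
            findings.append((num, "weak-modulus",
                             f"{m.group(1)}-bit RSA is below {MIN_MODULUS}"))
    return findings

if __name__ == "__main__":
    for num, rule_id, why in audit(SAMPLE_CONFIG):
        print(f"line {num}: {rule_id}: {why}")
```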

DOC-CD
Technology
+ Security and VPN
+ IPSec Negotiation/IKE Protocols
+ Configuration Examples and TechNotes
+ Dynamic LAN-to-LAN VPN between Cisco IOS Routers Using IOS CA on the Hub Configuration Example