To configure trustpoints for use with certificates:
Trustpoint Name | Enter the 32-character maximum name assigned to the target trustpoint. The trustpoint signing the certificate can be a certificate authority, a corporation, or an individual. |
URL | Provide the complete URL to the location of the trustpoint. If needed, click Advanced to expand the dialog to display network address information to the location of the target trustpoint. The number of additional fields that populate the screen is also dependent on the selected protocol. |
Protocol | Select the protocol used for importing the target trustpoint. Available options include: |
Port | Set the port. This option is not valid for cf and usb1-4. |
Host | Provide the hostname string or numeric IP address of the server used to import the trustpoint. Hostnames cannot include an underscore character. This option is not valid for cf and usb1-4. Select IPv4 Address to use an IPv4 formatted address as the host. Select IPv6 Address to use an IPv6 formatted address as the host. IPv6 provides enhanced identification and location information for computers on networks routing traffic across the Internet. IPv6 addresses are composed of eight groups of four hexadecimal digits separated by colons. |
Path/File | Specify the path to the trustpoint file. Enter the complete relative path to the file on the server. |
Trustpoint Name | Enter the 32-character maximum name assigned to the target trustpoint signing the certificate. A trustpoint represents a CA/identity pair containing the identity of the CA, CA-specific configuration parameters, and an association with an enrolled identity certificate. |
URL | Provide the complete URL to the location of the trustpoint. If needed, click Advanced to expand the dialog to display network address information to the location of the target trustpoint. The number of additional fields populating the screen depends on the selected protocol. |
Advanced/Basic | Click Advanced or Basic to switch between a basic URL and an advanced location to specify trustpoint location. |
Protocol | Select the protocol used for importing the target CA certificate. Available options include: |
Port | Set the port. This option is not valid for cf and usb1-4. |
Host | Provide the hostname string or numeric IP address of the server used to import the CA. Hostnames cannot include an underscore character. This option is not valid for cf and usb1-4. Select IPv4 Address to use an IPv4 formatted address as the host. Select IPv6 Address to use an IPv6 formatted address as the host. IPv6 provides enhanced identification and location information for computers on networks routing traffic across the Internet. IPv6 addresses are composed of eight groups of four hexadecimal digits separated by colons. |
Path/File | Specify the path to the CA file. Enter the complete relative path to the file on the server. |
Cut and Paste | Select Cut and Paste to copy an existing CA into the field. When pasting, no additional network address information is required. |
For information on creating a CRL to use with a trustpoint, refer to Setting the Certificate Revocation List (CRL) Configuration.
Trustpoint Name | Enter the 32-character maximum name assigned to the target trustpoint signing the certificate. A trustpoint represents a CA/identity pair containing the identity of the CA, CA-specific configuration parameters, and an association with an enrolled identity certificate. |
From Network | Select From Network to provide network address information to the location of the target CRL. The number of additional fields that populate the screen is also dependent on the selected protocol. This is the default setting. |
URL | Provide the complete URL to the location of the CRL. If needed, click Advanced to expand the dialog to display network address information to the location of the CRL. The number of additional fields populating the screen depends on the selected protocol. |
Advanced/Basic | Click Advanced or Basic to switch between a basic URL and an advanced location to specify trustpoint location. |
Protocol | Select the protocol used for importing the CRL. Available options include: |
Port | Set the port. This option is not valid for cf and usb1-4. |
Host | Provide the hostname string or numeric IP address of the server used to import the CRL. Hostnames cannot include an underscore character. This option is not valid for cf and usb1-4. Select IPv4 Address to use an IPv4 formatted address as the host. Select IPv6 Address to use an IPv6 formatted address as the host. IPv6 provides enhanced identification and location information for computers on networks routing traffic across the Internet. IPv6 addresses are composed of eight groups of four hexadecimal digits separated by colons. |
Path/File | Specify the path to the CRL file. Enter the complete relative path to the file on the server. |
Cut and Paste | Select Cut and Paste to copy an existing CRL into the field. When pasting, no additional network address information is required. |
Self-signed certificates cannot be revoked, which may allow an attacker who has already gained access to monitor and inject data into a connection to spoof an identity if a private key has been compromised. However, CAs have the ability to revoke a compromised certificate, preventing its further use.
Certificate Name | Enter the 32-character maximum trustpoint name with which the certificate should be associated. |
From Network | Select From Network to provide network address information to the location of the signed certificate. The number of additional fields that populate the screen is also dependent on the selected protocol. From Network is the default setting. |
URL | Provide the complete URL to the location of the signed certificate. If needed, click Advanced to expand the dialog to display network address information to the location of the signed certificate. The number of additional fields populating the screen depends on the selected protocol. |
Protocol | Select the protocol used for importing the signed certificate. Available options include: |
Port | Set the port. This option is not valid for cf and usb1-4. |
Host | Provide the hostname string or numeric IP address of the server used to import the signed certificate. Hostnames cannot include an underscore character. This option is not valid for cf and usb1-4. Select IPv4 Address to use an IPv4 formatted address as the host. Select IPv6 Address to use an IPv6 formatted address as the host. IPv6 provides enhanced identification and location information for computers on networks routing traffic across the Internet. IPv6 addresses are composed of eight groups of four hexadecimal digits separated by colons. |
Path/File | Specify the path to the signed certificate file. Enter the complete relative path to the file on the server. |
Cut and Paste | Select Cut and Paste to copy an existing certificate into the field. When pasting, no additional network address information is required. |
Trustpoint Name | Enter the 32-character maximum name assigned to the trustpoint. The trustpoint signing the certificate can be a certificate authority, a corporation, or an individual. |
URL | Provide the complete URL to the location of the trustpoint. If needed, click Advanced to expand the dialog to display network address information to the location of the trustpoint. The number of additional fields populating the screen depends on the selected protocol. |
Protocol | Select the protocol used for exporting the target trustpoint. Available options include: |
Port | Set the port. This option is not valid for cf and usb1-4. |
Host | Provide the hostname string or numeric IP address of the server used to export the trustpoint. Hostnames cannot include an underscore character. This option is not valid for cf and usb1-4. Select IPv4 Address to use an IPv4 formatted address as the host. Select IPv6 Address to use an IPv6 formatted address as the host. IPv6 provides enhanced identification and location information for computers on networks routing traffic across the Internet. IPv6 addresses are composed of eight groups of four hexadecimal digits separated by colons. |
Path/File | Specify the path to the signed trustpoint file. Enter the complete relative path to the file on the server. |
Cut and Paste | Select Cut and Paste to copy an existing trustpoint into the field. When pasting, no additional network address information is required. |
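The field rules repeated across the dialogs above (32-character trustpoint name, no underscore in hostnames, IPv4 or IPv6 host literals, Port and Host not valid for cf and usb1-4) can be checked before a batch of import or export locations is submitted. This is an added example, not code from the product or its documentation; the function names, the requirement that Host and Path/File be non-empty, and the `sftp` protocol value in the samples are assumptions.

```python
import ipaddress

# Local media named on the page: Port and Host are not valid for these.
LOCAL_MEDIA = {"cf", "usb1", "usb2", "usb3", "usb4"}
MAX_NAME_LEN = 32  # "32-character maximum" trustpoint name


def check_host(host):
    """Return a list of problems with a Host value (empty list if acceptable)."""
    try:
        ipaddress.ip_address(host)  # accepts IPv4 and IPv6 literals
        return []
    except ValueError:
        pass
    if ":" in host:  # colons only appear in IPv6 literals
        return [f"host {host!r} is not a valid IPv6 address"]
    if host.replace(".", "").isdigit():  # digits and dots only: meant as IPv4
        return [f"host {host!r} is not a valid IPv4 address"]
    if "_" in host:
        return [f"hostname {host!r} contains an underscore"]
    return []


def validate_location(name, protocol, host=None, port=None, path=None):
    """Check one trustpoint/CA/CRL/certificate location against the page's field rules."""
    problems = []
    if not name or len(name) > MAX_NAME_LEN:
        problems.append(f"trustpoint name must be 1-{MAX_NAME_LEN} characters")
    if protocol in LOCAL_MEDIA:
        if host is not None:
            problems.append(f"Host is not valid for {protocol}")
        if port is not None:
            problems.append(f"Port is not valid for {protocol}")
    else:
        # Assumption: any other protocol value is a network protocol needing a host.
        if not host:
            problems.append("Host is required for a network protocol")
        else:
            problems.extend(check_host(host))
        if port is not None and not 1 <= port <= 65535:
            problems.append(f"port {port} is outside 1-65535")
    if not path:
        problems.append("Path/File is required")
    return problems


if __name__ == "__main__":
    # Constructed sample entries, not taken from any real deployment.
    print(validate_location("corp-ca", "sftp", host="pki_srv.example.com", port=22, path="certs/ca.pem"))
    print(validate_location("corp-ca", "usb1", port=22, path="ca.pem"))
```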