Configure a Trustpoint CA on Fabric IPsec Gateway VM
About this task
Use this procedure to configure the certificate authority (CA) to use Simple Certificate Enrollment Protocol (SCEP) with a CA server for online certificate provisioning.
Procedure
Example
Switch:1>enable
Switch:1#virtual-service FIGW console
FIGW>set certificate ca-trustpoint caExtremeEJBCA ca-url http://192.0.2.9:8080/ejbca/publicweb/apply/scep/test/pkiclient.exe
FIGW>set certificate ca-trustpoint caExtremeEJBCA caname subca5
FIGW>set certificate ca-trustpoint caExtremeEJBCA get-method post
Variable Definitions
The following table defines parameters for the set certificate ca-trustpoint command.
Variable | Value |
---|---|
<ca-label> | Specifies the name of the certificate authority (CA). The name can use alphanumeric characters and is case-sensitive. The maximum length is 45 characters. |
ca-url <ca-url> | Specifies the trusted CA URL. |
caname <caname> | Specifies the name of the owner of the device or user. |
get-method <post \| get> | Specifies the HTTP request style. You can use post for EJBCA or get for Win2012 CA. The default value is post. |
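A pre-flight check for the three set certificate ca-trustpoint values, as an added example that is not Extreme Networks code: it validates the inputs against the table above and suggests a get-method from a SCEP GetCACaps response body. The function names, the constructed sample response, and the mapping from the POSTPKIOperation capability (RFC 8894) to get-method post are assumptions; the page itself does not describe GetCACaps.

```python
import re
from urllib.parse import urlencode, urlsplit

LABEL_RE = re.compile(r"[A-Za-z0-9]{1,45}")  # table: alphanumeric, max 45 characters
SAMPLE_CAPS = "POSTPKIOperation\nRenewal\nSHA-256\nAES\n"  # constructed GetCACaps body


def validate_trustpoint(ca_label, ca_url, caname, get_method="post"):
    """Return a list of problems; an empty list means the values fit the table."""
    problems = []
    if not LABEL_RE.fullmatch(ca_label):
        problems.append("ca-label must be 1-45 alphanumeric characters")
    parts = urlsplit(ca_url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        problems.append("ca-url must be an http(s) URL with a host")
    if not caname:
        problems.append("caname is empty")
    if get_method not in ("post", "get"):
        problems.append("get-method must be post or get")
    return problems


def getcacaps_url(ca_url, caname):
    """Build the SCEP GetCACaps query for the CA URL (assumed to be a SCEP endpoint)."""
    return ca_url + "?" + urlencode({"operation": "GetCACaps", "message": caname})


def method_from_caps(caps_body):
    """Suggest get-method from a GetCACaps body (one capability keyword per line)."""
    caps = {line.strip().lower() for line in caps_body.splitlines() if line.strip()}
    # Assumption: 'post' on the gateway corresponds to SCEP POSTPKIOperation support.
    return "post" if "postpkioperation" in caps else "get"


def render_commands(ca_label, ca_url, caname, get_method="post"):
    """Return the three CLI lines, refusing values that fail validation."""
    problems = validate_trustpoint(ca_label, ca_url, caname, get_method)
    if problems:
        raise ValueError("; ".join(problems))
    prefix = f"set certificate ca-trustpoint {ca_label}"
    return [f"{prefix} ca-url {ca_url}",
            f"{prefix} caname {caname}",
            f"{prefix} get-method {get_method}"]
```

Fetch the URL returned by getcacaps_url from a management host and pass the response text to method_from_caps before choosing the get-method value.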
The following table defines parameters for the certificate ca command.
Variable | Value |
---|---|
<ca-trustpoint> | Specifies the name of the certificate authority. The name can be alphanumeric and is case-sensitive. The maximum length is 45 characters. |
<subject-label> | Specifies the subject identity. |
The following table defines parameters for the certificate get command.
Variable | Value |
---|---|
cacert-from <A.B.C.D> <user> <file-path> | Specifies where to obtain the CA certificate. Specify the IP address, user name, and remote file path. |
crl-from <A.B.C.D> <user> <file-path> <cacert-filename> | Specifies where to obtain the Certificate Revocation List. Specify the IP address, user name, remote file path, and the CA certificate file to verify the CRL. |
signedcert-from <A.B.C.D> <user> <file-path> <subject-label> | Specifies where to obtain the subject certificate. Specify the IP address, user name, remote file path, and subject label. |