certificate ca
Configures the certificate authority (CA) and performs related actions. You can configure
only one CA on a device at a time.
Syntax
- certificate ca WORD<1–45> [action caauth | action enroll validity-days <7–1185> | action get-crl | action install | action noop | action remove | action renew validity-days <7–1185> | ca-url WORD<0–1000> | common-name WORD<0–64> | install-file root-ca-filename WORD<1–80> | key-name<0–64> | sha256-fingerprint WORD<64-64> | use-post <true|false>]
- default certificate ca
- no certificate ca WORD<1–45> [action | ca-url | common-name | key-name | sha256-fingerprint | use-post]
Command Parameters
- action caauth
- Authenticates the trustpoint CA by getting the CA certificate and storing it locally.
- action enroll [validity-days <7–1185>]
- Generates a certificate signing request to obtain an identity certificate from the
configured trustpoint CA, gets the digital certificate, and stores it locally,
associating it with the trustpoint CA. The validity-days value specifies the number of
days for which the certificate remains valid. The default value is 365 days.
- action get-crl
- Gets the Certificate Revocation List (CRL) from the CRL distribution point (CDP) and
stores it in a file.
- action install
- Installs the subject certificate
obtained from the given trustpoint CA.
- action noop
- Specifies that no operation should be performed after configuring the trustpoint.
- action remove
- Releases the locally stored certificate associated with the trustpoint CA after
revocation.
- action renew [challengepassword WORD<0-128>]
- Specifies the challenge password, which the CA provides offline during end-entity
registration. The length of the password is from 0 to 128.
- action renew [validity-days <7–1185>]
- Generates a certificate renewal request for the given trustpoint CA, gets the digital
certificate, and stores it locally, replacing the old certificate with the new one. The
validity-days value specifies the number of days for which the certificate remains
valid. The default value is 365 days.
- ca-url WORD<0–1000>
- Specifies the URL of the trusted CA.
- common-name WORD<0–64>
- Specifies the name of the owner of
the device or user.
- install-file [rootca-filename WORD<1–80>]
- Installs the Root CA file obtained
offline from the CA.
- key-name WORD<0–45>
- Specifies the key pair generated
by the command that was first associated with the CA trustpoint.
- sha256-fingerprint WORD<64–64>
- Specifies the SHA-256 fingerprint of the expected certificate to match.
- use-post <true|false>
- Specifies the HTTP request style.
The default value is True.
- WORD<1–45>
- Specifies the name of the certificate authority. The name is alphanumeric and
case-sensitive, with a maximum length of 45 characters.
Command Mode
Global Configuration
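
A pin set with sha256-fingerprint is only useful if it is computed from a copy of the CA certificate obtained independently of the enrollment channel. The following is an added example, not code from the original page or the vendor: it computes and checks such a value, assuming the device expects the SHA-256 digest of the DER-encoded certificate as 64 lowercase hexadecimal characters without separators (suggested by WORD<64–64> but not stated on the page). The function names and sample PEM data are constructed for illustration.

```python
import hashlib
import hmac
import re
import ssl


def normalize_fingerprint(text):
    """Return a fingerprint as 64 lowercase hex characters (WORD<64-64>).

    Tools often print fingerprints in upper case with ':' or spaces between
    bytes; strip those and reject anything that is not a full SHA-256 digest.
    """
    cleaned = re.sub(r"[:\s]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", cleaned):
        raise ValueError("fingerprint must be exactly 64 hexadecimal characters")
    return cleaned


def cert_fingerprint(pem_text):
    """SHA-256 over the DER bytes of one PEM certificate (assumed encoding)."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    return hashlib.sha256(der).hexdigest()


def matches_pin(pem_text, pinned):
    """Compare a fetched certificate against the value pinned on the device."""
    return hmac.compare_digest(cert_fingerprint(pem_text),
                               normalize_fingerprint(pinned))


# Constructed sample input: placeholder bytes wrapped as PEM, not real CA certs.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed placeholder, not a real certificate")
OTHER_PEM = ssl.DER_cert_to_PEM_cert(b"constructed placeholder for a different certificate")

if __name__ == "__main__":
    pin = cert_fingerprint(SAMPLE_PEM)
    print("value for sha256-fingerprint:", pin)
    print("same certificate matches:", matches_pin(SAMPLE_PEM, pin))
    print("different certificate matches:", matches_pin(OTHER_PEM, pin))
```

Rejecting a value that is not exactly 64 hexadecimal characters before it is entered catches truncated or mis-pasted fingerprints, which would otherwise surface only as a failed match on the device.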