trustpoint

Configures a trustpoint and its associated information, such as the subject name, the sender's (device requesting certification) details, and the recipient's (CA) details. This information is needed to obtain the certificate from the CA server using CMP.

Each certificate is digitally signed by a CA and contains device-specific information, such as the device name, IP address, and serial number. This information helps to uniquely identify a device.

Supported in the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000

Syntax

trustpoint <TRUSTPOINT-NAME> subject-name <WORD> secret [0 <WORD>|2 <WORD>] 
reference-id <WORD> sender-name <WORD> [recipient-name <WORD>|ca-psk <CERT-PATH>]

Parameters

trustpoint <TRUSTPOINT-NAME> subject-name <WORD> secret [0 <WORD>|2 <WORD>] 
reference-id <WORD> sender-name <WORD> [recipient-name <WORD>|ca-psk <CERT-PATH>]
trustpoint <TRUSTPOINT-NAME> – Configures a trustpoint name (should not exceed 32 characters)
  • <TRUSTPOINT-NAME> – Specify the trustpoint's name.
subject-name <WORD> – Configures a subject name for this trustpoint. The subject name should uniquely identify the certificate and should not exceed 512 characters in length.
secret [0 <WORD>|2 <WORD>] – Configures the secret used to encrypt the trustpoint. The secret should not exceed 128 characters in length.
  • 0 <WORD> – Configures a clear text password
  • 2 <WORD> – Configures an encrypted password
    • <WORD> – Specify the password.
reference-id <WORD> – Configures the reference ID. The CA server uses this information to identify the shared secret key used.
  • <WORD> – Specify the reference ID.
sender-name <WORD> – Configures the sender's name. The CA server uses this information to identify the shared secret key used. The sender's name should not exceed 512 characters in length.
  • <WORD> – Specify the sender name.
recipient-name <WORD> – Configures the recipient's name. The CA server uses this information to validate the request. The recipient's name should not exceed 256 characters in length.
ca-psk <CERT-PATH> – Configures the certificate path for the server certificate
  • <CERT-PATH> – Specify the certificate path.

Examples

ap505-D8273A(config-cmp-policy-CMP)#trustpoint cmp-test subject-name "CN=ExampleCompany, O=Example Company" secret 0 test-secret reference-id 123456 sender-name "CN=ExampleCompany.com, O=Example Company" recipient-name "O=Example Company, CN=ExampleCompany.com"
ap505-D8273A(config-cmp-policy-CMP)#
ap505-D8273A(config-cmp-policy-CMP)#show context
crypto-cmp-policy CMP
 cert-update
 cert-renewal-timeout 60
 ca-server primary host 192.168.8.74 port 8 path cmp
 trustpoint cmp-test subject-name "CN=ExampleCompany, O=Example Company" secret 0 test-secret  reference-id 123456 sender-name "CN=ExampleCompany.com, O=Example Company" recipient-name "O=Example Company, CN=ExampleCompany.com"
 subjectAltName dn TechPubsCA
ap505-D8273A(config-cmp-policy-CMP)#
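
The following Python script is an added example, not part of the product documentation. It parses trustpoint lines from show context output, checks each field against the length limits listed under Parameters, and flags secrets configured as type 0 (clear text). The second trustpoint in the sample and its PLACEHOLDER values are constructed for illustration.

```python
import shlex

# Length limits taken from the parameter descriptions on this page.
LIMITS = {"trustpoint": 32, "subject-name": 512, "secret": 128,
          "sender-name": 512, "recipient-name": 256}

def parse_trustpoint(line):
    """Parse one 'trustpoint ...' line of a CMP policy into a dict (None if other)."""
    line = line.strip()
    if not line.startswith("trustpoint "):
        return None
    tokens = shlex.split(line)          # keeps quoted DNs together
    fields, i = {}, 0
    while i < len(tokens):
        width = 3 if tokens[i] == "secret" else 2   # secret carries a type digit
        if i + width > len(tokens):
            raise ValueError(f"missing value after {tokens[i]!r}")
        if tokens[i] == "secret":
            fields["secret-type"] = tokens[i + 1]
        fields[tokens[i]] = tokens[i + width - 1]
        i += width
    return fields

def audit(config_text):
    """Return (trustpoint name, finding) pairs for a 'show context' dump."""
    findings = []
    for line in config_text.splitlines():
        tp = parse_trustpoint(line)
        if tp is None:
            continue
        name = tp["trustpoint"]
        for key, limit in LIMITS.items():
            if len(tp.get(key, "")) > limit:
                findings.append((name, f"{key} exceeds {limit} characters"))
        if tp.get("secret-type") == "0":
            findings.append((name, "secret is configured in clear text (type 0)"))
    return findings

# Constructed sample: the policy shown above plus one hypothetical trustpoint
# whose name is too long and whose secret is a placeholder type-2 string.
SAMPLE = '''crypto-cmp-policy CMP
 cert-update
 ca-server primary host 192.168.8.74 port 8 path cmp
 trustpoint cmp-test subject-name "CN=ExampleCompany, O=Example Company" secret 0 test-secret  reference-id 123456 sender-name "CN=ExampleCompany.com, O=Example Company" recipient-name "O=Example Company, CN=ExampleCompany.com"
 trustpoint branch-office-trustpoint-name-that-is-too-long subject-name "CN=Branch" secret 2 PLACEHOLDER reference-id 654321 sender-name "CN=Branch" ca-psk PLACEHOLDER-CERT-PATH
'''

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```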

Related Commands

no Removes the trustpoint associated with this crypto CMP policy