cross-cert-validate

Enables validation of the cross certificate using the factory certificate. When enabled, the obtained cross-certificate is validated against the operator‘s certificate configured on the device. An error message is displayed in case the cross-certificate is not obtained or if the cross-certificate is found to be invalid. This option is disabled by default.

Note

Note

To configure the operator certificate, in the device configuration mode execute the trustpoint > cmp-auth-operator command. For more information, see trustpoint (device-config-mode).

Supported in the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000

Syntax

cross-cert-validate

Parameters

None

Examples

nx9500-6C8809(config-cmp-policy-test)#cross-cert-validate
nx9500-6C8809(config-cmp-policy-test)#show context
crypto-cmp-policy test
 cert-key-size 3072
 cross-cert-validate
 ca-server primary host 192.168.8.74 port 8 path cmp
nx9500-6C8809(config-cmp-policy-test)#

Related Commands

no Disables validation of the cross certificate with the factory certificate