ca-server

Configures the primary and secondary CMP CA server details.

The CA is an external network authority (usually a trusted third-party server) that generates and issues digital certificates in response to requests received from network devices. Use this command to configure the primary and secondary CA server details, such as name of the device hosting the CA server, the port used to access the CA server, and the path where the certificate is stored. Once defined, devices using this CMP policy automatically send requests to the specified primary CA server, and retrieve the certificate from the specified location. If the primary CA server is not reachable, the requests are sent to the secondary CA server.

Supported in the following platforms:

Syntax

ca-server [primary|secondary] host <IP> port <1-65535> path <PATH>

Parameters

ca-server [primary|secondary] host <IP> port <1-65535> path <PATH>
ca-server [primary|secondary] Configures the primary and secondary CMP CA server details (IPv4 address, port, and path)
  • primary – Configures the primary CMP CA server‘s details
  • secondary – Configures the secondary CMP CA server‘s details

The secondary CMP CA is used in case the primary CA server is not reachable. CA server settings are required to complete CMP requests.

host <IP>

Configures IP address or hostname of the device hosting the CA server

  • <IP/HOSTANAME> – Specify the IP address or hostname.

port <PORT-NUMBER>

Configures IPv4 address of the device hosting the primary/secondary CA server
  • <IP/HOSTNAME> – Specify the server‘s IPv4 address.
port <1-65535> Configures the port on which the primary/secondary CA server can be reached
  • <1-65535> – Specify the port number from 1 - 65535.

path <PATH>

Configures the path or filename of the primary/secondary CMP CA certificate. Enter the complete relative path to the file on the server.
  • <PATH> – Specify the path. Once specified, the certificate is downloaded from this location and installed on the device.

Examples

ap505-D8273A(config-cmp-policy-CMP)#ca-server primary host 192.168.8.74 port 8 path cmp
ap505-D8273A(config-cmp-policy-CMP)#show context
crypto-cmp-policy CMP
ca-server primary host 192.168.8.74 port 80 path cmp
ap505-D8273A(config-cmp-policy-CMP)#

Related Commands

no Removes the configured primary/secondary CA server details