This chapter summarizes the crypto certificate management protocol (CMP) policy commands in the CLI command structure.
CMP is an Internet protocol designed to enable devices (access point, wireless controller, or service platform) to obtain and manage digital certificates in a Public Key Infrastructure (PKI) network. A Certificate Authority (CA) issues the certificates using the defined CMP.
The WiNG CMP implementation allows you to configure a crypto CMP policy that enables auto installation and auto management of device certificates. When configured and implemented on a device, the crypto CMP policy allows the device to automatically trigger a certification request to a configured, CMP-supported CA server. Once the certificate is validated and confirmed by the CA server, it is saved on the device and becomes part of the trustpoint. During the creation of the CMP policy, the trustpoint is assigned a name and client information. You can use a manually created trustpoint for one service (like HTTPS) and use the CMP-generated trustpoint for RADIUS EAP certificate-based authentication.
Use the (config) instance to configure a crypto CMP policy. To navigate to the crypto CMP policy configuration instance, use the following commands:
<DEVICE>(config)#crypto-cmp-policy <CRYPTO-CMP-POLICY-NAME>
nx9500-6C8809(config)#crypto-cmp-policy CMPPolicy
nx9500-6C8809(config-cmp-policy-CMPPolicy)#?
CMP Policy Mode commands:
  ca-server             CMP CA Server configuration commands
  cert-key-size         Set key size for certificate request
  cert-renewal-timeout  Trigger a cert renewal request on timeout
  cross-cert-validate   Validate cross-cert using factory-cert
  hash-algorithm        Set hash algorithm for certificate request
  no                    Negate a command or set its defaults
  subjectAltName        Configure subjectAltName value
  trustpoint            Trustpoint for CMP
  use                   Set setting to use

  clrscr                Clears the display screen
  commit                Commit all changes made in this session
  do                    Run commands from Exec mode
  end                   End current mode and change to EXEC mode
  exit                  End current mode and down to previous mode
  help                  Description of the interactive help system
  revert                Revert changes
  service               Service Commands
  show                  Show running system information
  write                 Write running configuration to memory or terminal

nx9500-6C8809(config-cmp-policy-CMPPolicy)#
This chapter is organized as follows: