Assigns trustpoints to validate various services, such as HTTPS, RADIUS CA, RADIUS server, external LDAP server, etc.
For more information on digital certificates and certificate authorities, see trustpoint (profile-config-mode).
Note
Certificates/trustpoints used in this command should be verifiable as existing on the device.
trustpoint [cloud-client|cmp-auth-operator|https|radius-ca|radius-ca-ldaps|radius-server|radius-server-ldaps] <TRUSTPOINT-NAME>
trustpoint | Assigns trustpoints to validate various services. The assigned trustpoint is used as the CA for validating the services. |
cloud-client | Assigns a trustpoint to validate the cloud client. Use this option on cloud-enabled and cloud-adopted access points to secure the communication between the cloud AP and the cloud client. The trustpoint should exist and be installed on the AP. The cloud-enabled access points are AP7502, AP7522, AP7532, and AP7562. For local-controller adopted APs, this configuration is not required. |
cmp-auth-operator | Assigns an existing trustpoint to validate the CMP auth operator. Once validated, CMP is used to obtain and manage digital certificates in a PKI network. Digital certificates link identity information with a public key enclosed within the certificate, and are issued by the CA. Use this command to specify the CMP-assigned trustpoint. When specified, devices send a certificate request to the CMP-supported CA server, and download the certificate directly from the CA server. CMP supports multiple request options for a device communicating with a CMP-supported CA server. The device can initiate a request to get the certificates from the server. It can also automatically update certificates that are about to expire. Note: When configured, this cmp-auth-operator trustpoint setting overrides the profile-level configuration. |
https | Assigns an existing trustpoint to validate HTTPS |
radius-ca | Assigns an existing trustpoint to validate client certificates in EAP |
radius-ca-ldaps | Assigns an existing trustpoint to validate external LDAP server |
radius-server | Assigns an existing trustpoint to validate RADIUS server certificate |
radius-server-ldaps | Assigns an existing trustpoint to RADIUS server certificate to validate LDAP server |
<TRUSTPOINT-NAME> | The following keyword is common to all of the above parameters: |
A device's default HTTPS, RADIUS, and CMP certificate/trustpoint configuration is as follows:
nx9500-6C8809(config-device-B4-C7-99-6C-88-09)#show context include-factory | include trustpoint
 trustpoint https default-trustpoint
 no trustpoint radius-ca
 trustpoint radius-server default-trustpoint
 no trustpoint radius-ca-ldaps
 trustpoint radius-server-ldaps default-trustpoint
 no trustpoint cmp-auth-operator
nx9500-6C8809(config-device-B4-C7-99-6C-88-09)#
nx9500-6C8809(config-device-B4-C7-99-6C-88-09)#trustpoint https test
nx9500-6C8809(config-device-B4-C7-99-6C-88-09)#show context include-factory | include trustpoint
 trustpoint https test
 no trustpoint radius-ca
 trustpoint radius-server default-trustpoint
 no trustpoint radius-ca-ldaps
 trustpoint radius-server-ldaps default-trustpoint
 no trustpoint cmp-auth-operator
nx9500-6C8809(config-device-B4-C7-99-6C-88-09)#
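
The following audit script is an added example, not part of the original documentation. It parses the `show context include-factory | include trustpoint` output shown above and reports, per service, whether the trustpoint is unassigned, still the factory `default-trustpoint`, or names a trustpoint that is not installed (the condition the Note warns about). The function names, status labels, and the `installed` inventory set are assumptions made for illustration.

```python
import re

# Service keywords from the command syntax on this page.
SERVICES = {"cloud-client", "cmp-auth-operator", "https", "radius-ca",
            "radius-ca-ldaps", "radius-server", "radius-server-ldaps"}
# Matches "trustpoint <service> <name>" and "no trustpoint <service>".
LINE_RE = re.compile(r"^(no\s+)?trustpoint\s+(\S+)(?:\s+(\S+))?$")
# Output copied from the session on this page (after "trustpoint https test").
SAMPLE = """\
nx9500-6C8809(config-device-B4-C7-99-6C-88-09)#show context include-factory | include trustpoint
 trustpoint https test
 no trustpoint radius-ca
 trustpoint radius-server default-trustpoint
 no trustpoint radius-ca-ldaps
 trustpoint radius-server-ldaps default-trustpoint
 no trustpoint cmp-auth-operator
"""


def parse_trustpoints(show_output):
    """Map each service to its trustpoint name, or None for 'no trustpoint'."""
    assigned = {}
    for raw in show_output.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group(2) not in SERVICES:
            continue  # prompt lines, echoed commands, unrelated output
        negated, service, name = m.groups()
        if negated or name:  # skip a truncated "trustpoint <service>" line
            assigned[service] = None if negated else name
    return assigned


def audit(show_output, installed):
    """Classify each service; `installed` is the set of trustpoint names on the device."""
    status = {}
    for service, name in parse_trustpoints(show_output).items():
        if name is None:
            status[service] = "unassigned"
        elif name == "default-trustpoint":
            status[service] = "factory-default"
        elif name not in installed:
            status[service] = "not-installed"  # the case the page's Note warns about
        else:
            status[service] = "ok"
    return status


if __name__ == "__main__":  # constructed inventory: "test" is not installed
    print(audit(SAMPLE, {"default-trustpoint"}))
```

Build the `installed` set from the device's own trustpoint inventory before running the audit; the one-element set in the last line is constructed for the demonstration.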