cross-cert-validate

Enables validation of the cross certificate using the factory certificate. When enabled, the obtained cross-certificate is validated against the operator‘s certificate configured on the device. An error message is displayed in case the cross-certificate is not obtained or if the cross-certificate is found to be invalid. This option is disabled by default.

Note

To configure the operator certificate, in the device configuration mode execute the trustpoint > cmp-auth-operator command. For more information, see trustpoint (device-config-mode).

Supported on the following devices:

Access Points: AP5010, AP310i/e, AP410i/e, AP505i, AP510i, AP510e, AP560i, AP6522, AP6562, AP7161, AP7502, AP7522, AP7532, AP7562, AP7602, AP7612, AP7622, AP763, AP7662, AP8163, AP8543, AP8533.
Service Platforms: NX5500, NX7500, NX9500, NX9600
Virtual Platforms: CX9000, VX9000

Syntax

cross-cert-validate

Parameters

None

Examples

nx9500-6C8809(config-cmp-policy-test)#cross-cert-validate

nx9500-6C8809(config-cmp-policy-test)#show context
crypto-cmp-policy test
 cert-key-size 3072
 cross-cert-validate
 ca-server primary host 192.168.8.74 port 8 path cmp
nx9500-6C8809(config-cmp-policy-test)#

Related Commands


no	Disables validation of the cross certificate with the factory certificate