crypto ca authenticate
Identifies the root CA certificate,
which is used to sign the Certificate Signing Request (CSR) to generate the server
certificate.
Syntax
crypto ca authenticate
{trustpoint-name
cert-type
{
commoncert
|
https
|
ssh-x509v3}directory
dirname
file
file-name
host
host-address
protocol
source-ipsource-ip{FTP |
SCP}
user
user-name
password
password}
no crypto ca
authenticate
{
trustpoint_name
cert-type
{
commoncert
|
https
|
ssh-x509v3}
Parameters
- trustpoint-name
- Defines the name of the trustpoint you are
authenticating. This name needs to be the same as that of the trustpoint
created by the crypto ca trustpoint command. The string for the name cannot
be left blank. The length of the string can range from 1 through 64
characters.
- cert-type
{commoncert
|
https
|
ssh-x509v3}
- Indicates that the certificate is used for
common, HTTPS, or SSH-x509v3 server authentication.
- directory
dir-name
- Defines the path to the
directory where the certification file resides.
- file
file-name
- Defines the name of the
certification file.
- host
host-address
- Specifies the host name or IP
address of the remote certificate server.
- protocol
{FTP
|
SCP}
- Specifies the use of either
FTP or SCP protocol for accessing the certification file.
- user
user-name
- Specifies the user name for
the host server.
- source-ip
source-ip
- (SCP only) Specifies the source IP address to use in the header.
- password
password
- Specifies the password for the user to access the host server.
Modes
Privileged EXEC mode
Usage Guidelines
Use this command to identify the CA certificate
of the Trusted CA that you want to sign the CSR and generate the identity
certificate.
The trustpoint-name name
needs to be the same as that of the trustpoint created by the crypto ca trustpoint
command.
The no form of the command
deletes the specified certificate.
Note
As a best practice, do not list the
password in the command line for security purposes. The user will be prompted for
the password.
Examples
This example specifies HTTPS authentication and
the SCP protocol.
device# crypto ca authenticate t1 cert-type https protocol SCP host 10.70.12.102
user fvt directory /users/home/crypto file cacert.pem password ****
This example specifies SSH-x509v3 authentication and the SCP protocol.
crypto ca enroll myca cert-type ssh-x509v3 protocol SCP country IN state KA
locality Bangalore organization Extreme orgunit Engg common 10.24.12.xx directory /root/certs
host x.x.x.x user root password ****
