Monday, 6 May 2013

Configuring IOS CA Server

Configuring Cisco Router as CA Server

R1(config)#ip domain-name
R1(config)#crypto key generate rsa general-keys label netx exportable
R1(config)#crypto key export rsa netx pem url nvram: 3des netx123
!generate and export RSA keys

R1#show crypto key mypubkey rsa

R1(config)#ip http server
R1(config)#crypto pki server netxCA
R1(cs-server)#database url nvram:
!If this command is not specified, all database entries are written to Flash.
R1(cs-server)#database level <minimum | names | complete>
!Minimum: Enough information is stored only to continue issuing new certificates without
conflict; the default value.
!Names: In addition to the information given in the minimal level, the serial number and
subject name of each certificate.
!Complete: In addition to the information given in the minimal and names levels, each issued
certificate is written to the database.
R1(cs-server)#issuer-name L=Blr C=In
R1(cs-server)#lifetime ca-certificate 365
!default 3year
R1(cs-server)#lifetime certificate 200  
!default 1 year
R1(cs-server)#lifetime crl 24  
!default 1week
R1(cs-server)#grant auto
R1(cs-server)#no shutdown

R1# show crypto pki server

No comments:

Post a Comment