Cisco CP-7911G-CH1 Administration Guide - Page 188
Examples, Autoenrolling and Authenticating the Secure Cisco Unified SRST Router to the CA Server
How to Configure Secure Unified SRST
Configuring Secure SRST for SCCP and SIP

Step 5
  Command or Action: grant auto
  Example:
    Router(cs-server)# grant auto
  Purpose: Allows an automatic certificate to be issued to any requestor.
    • This command is used only during enrollment and will be removed in the "Disabling Automatic Certificate Enrollment" section on page 190.

Step 6
  Command or Action: no shutdown
  Example:
    Router(cs-server)# no shutdown
  Purpose: Enables the Cisco IOS certificate server.
    • You should issue this command only after you have completely configured your certificate server.

Examples

The following example reflects one way of generating a CA:

    Router(config)# crypto pki server srstcaserver
    Router(cs-server)# database level complete
    Router(cs-server)# database url nvram
    Router(cs-server)# issuer-name CN=srstcaserver
    Router(cs-server)# grant auto
    % This will cause all certificate requests to be automatically granted.
    Are you sure you want to do this? [yes/no]: y
    Router(cs-server)# no shutdown
    % Once you start the server, you can no longer change some of
    % the configuration.
    Are you sure you want to do this? [yes/no]: y
    % Generating 1024 bit RSA keys ...[OK]
    % Certificate Server enabled.

Autoenrolling and Authenticating the Secure Cisco Unified SRST Router to the CA Server

The secure Cisco Unified SRST Router needs to define a trustpoint; that is, it must obtain a device certificate from the CA server. The procedure is called certificate enrollment. Once enrolled, the secure Cisco Unified SRST Router can be recognized by Cisco Unified Communications Manager as a secure SRST router.

There are three options to enroll the secure Cisco Unified SRST Router to a CA server: autoenrollment, cut and paste, and TFTP. When the CA server is a Cisco IOS certificate server, autoenrollment can be used. Otherwise, manual enrollment is required. Manual enrollment refers to cut and paste or TFTP.

Use the enrollment url command for autoenrollment and the crypto pki authenticate command to authenticate the SRST router. Full instructions for the commands can be found in the Certification Authority Interoperability Commands documentation. An example of autoenrollment is available in the Certificate Enrollment Enhancements feature. A sample configuration is provided in the "Examples" section on page 190.

SUMMARY STEPS

1. crypto pki trustpoint name
2. enrollment url url
3. revocation-check method1
4. exit

Cisco Unified SCCP and SIP SRST System Administrator Guide, OL-13143-04, page 188
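
Step 5 states that grant auto is used only during enrollment and is removed afterwards. The Python check below is an added example, not part of the Cisco guide: it scans a saved running-config for crypto pki server blocks that still carry grant auto. The sample config is constructed, labca is a hypothetical server name, and treating a block without a shutdown line as enabled is an assumption about how the configuration is displayed.

```python
import re

# Constructed sample in running-config layout; srstcaserver is the name used
# in the guide's example, "labca" is a hypothetical second server.
SAMPLE_CONFIG = """\
hostname Router
!
crypto pki server srstcaserver
 database level complete
 database url nvram
 issuer-name CN=srstcaserver
 grant auto
!
crypto pki server labca
 database level complete
 issuer-name CN=labca
 shutdown
!
"""

SERVER_RE = re.compile(r"^crypto pki server (\S+)\s*$")

def parse_pki_servers(config_text):
    """Return {server_name: [sub-commands]} for each 'crypto pki server' block."""
    servers, current = {}, None
    for line in config_text.splitlines():
        match = SERVER_RE.match(line)
        if match:
            current = servers.setdefault(match.group(1), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # '!' or any unindented line closes the block
    return servers

def audit_grant_auto(config_text):
    """List certificate servers that still grant every request automatically."""
    findings = []
    for name, commands in parse_pki_servers(config_text).items():
        # 'no grant auto' does not match: its first two words are 'no grant'.
        if any(cmd.split()[:2] == ["grant", "auto"] for cmd in commands):
            # Assumption: a block with no 'shutdown' line is an enabled server.
            findings.append({"server": name, "enabled": "shutdown" not in commands})
    return findings

if __name__ == "__main__":
    for f in audit_grant_auto(SAMPLE_CONFIG):
        print(f"{f['server']}: 'grant auto' still set (enabled={f['enabled']})")
```

Run it against configuration backups after enrollment is complete; any finding means the certificate server will still issue a certificate to any requestor.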