R01(config)#crypto pki trustpoint vpn.example.com-2019
R01(ca-trustpoint)#enrollment terminal
R01(ca-trustpoint)# serial-number none
R01(ca-trustpoint)# fqdn vpn.example.com
R01(ca-trustpoint)# ip-address none
R01(ca-trustpoint)#$subject-name CN=vpn.example.com,O=Example,OU=IT,L=Guernsey,ST=Guernsey,C=GG
R01(ca-trustpoint)# revocation-check none
R01(ca-trustpoint)#exit
2. Generate the CSR
R01(config)#cry pki enroll vpn.example.com-2019
% Start certificate enrollment ..
3. Send CSR to a certificate authority, then download the certificate and the intermediate certificate
4. Import the certificates
R01(config)#crypto pki authenticate vpn.example.com-2019
Enter the base 64 encoded CA certificate.
End with a blank line or the word “quit” on a line by itself
Trustpoint ‘vpn.example.com-2019’ is a subordinate CA and holds a non self sgned cert
Certificate has the following attributes:
Fingerprint MD5:
Fingerprint SHA1:
% Do you accept this certificate? [yes/no]: yes
Trustpoint CA certificate accepted.
% Certificate successfully imported
R01(config)#crypto pki import vpn.example.com-2019 certificate
Enter the base 64 encoded certificate.
End with a blank line or the word “quit” on a line by itself
% Router Certificate successfully imported
5. Reconfigure the SSL-VPN to point to the new trustpoint
R01(config)#webvpn gateway Cisco-WebVPN-Gateway
R01(config-webvpn-gateway)#ssl trustpoint vpn.example.com-2019
R01(config-webvpn-gateway)#end
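In step 4 the router prints MD5 and SHA1 fingerprints and asks whether to accept the CA certificate. The helper below is an added example, not part of the original post: run on a workstation, it computes the same fingerprints from the PEM file received from the CA so they can be compared before answering yes. The function names, the 8-character grouping of the output and the sample PEM (constructed, not a real certificate) are assumptions.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)


def pem_to_der_list(pem_text):
    """Return the DER bytes of every certificate in a PEM file or bundle."""
    ders = []
    for body in PEM_RE.findall(pem_text):
        # validate=True rejects stray characters instead of silently skipping them
        ders.append(base64.b64decode("".join(body.split()), validate=True))
    if not ders:
        raise ValueError("no CERTIFICATE block found")
    return ders


def fingerprint(der, algo):
    """Hex fingerprint in 8-character groups (assumed router display style)."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return " ".join(digest[i:i + 8] for i in range(0, len(digest), 8))


def normalise(fp):
    """Drop spaces, colons and case so differently formatted values compare."""
    return re.sub(r"[^0-9A-Fa-f]", "", fp).upper()


def matches(der, shown, algo="sha1"):
    """True if the fingerprint shown at the prompt belongs to this certificate."""
    return hmac.compare_digest(normalise(fingerprint(der, algo)), normalise(shown))


# Constructed sample: the body decodes to b"abc", NOT a real certificate.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
"""

if __name__ == "__main__":
    for der in pem_to_der_list(SAMPLE_PEM):
        print("Fingerprint MD5: ", fingerprint(der, "md5"))
        print("Fingerprint SHA1:", fingerprint(der, "sha1"))
```

Paste the fingerprint line from the router prompt into `matches()` together with the DER bytes of the CA certificate; a mismatch means the pasted certificate is not the one you received from the CA.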