|
Author
|
Topic: Manual certificate enrollment
|
|
|
KeithB
unregistered
|
posted May 07, 2009 08:36 PM
So you want to get the cert, but not use SCEP to do it the easy way? Is that right?
Keith
IP: Logged
|
|
theevilmuffin
I need a life
Member # 23191
Member Rated:
|
posted May 08, 2009 12:21 AM
quote:
Originally posted by KeithB:
So you want to get the cert, but not use SCEP to do it the easy way? Is that right?
Keith
Hi Keith
That's right mate - if you know of any way around this please let me know -I've got to a point where I am banging my head against a wall.
thanks
Posts: 1065 | From: UK | Registered: Sep 2007
| IP: Logged
|
|
Ohanusi
Guru
Member # 16782
Member Rated:
|
posted May 09, 2009 01:40 PM
on the cisco ca server
cry pki export newca pem terminal
will display the ca certificate. copy this without the header and paste on the client
when
cry pki authen (truspoint) is entered.
cry pki enrol ((trustpoint) on client will display pkcs10 requst. copy this without the header and paste on the ca server after the command below.
on the server in the global mode enter
pki ser newca request pkcs10 ter
paste the client displayed pkcs10 file without the header and hit the enter key.
it will display the granted certificate. Copy this and paste on the client by entering
cry pki import newlab certificate on the client (no certificate header too)
make sure the time on your cisco are in sync with the CA
Cheers
Posts: 235 | From: UK | Registered: Aug 2005
| IP: Logged
|
|
KeithB
unregistered
|
posted May 10, 2009 09:08 AM
Ohanusi -
Wow. Thanks for the post.
Keith
IP: Logged
|
|
theevilmuffin
I need a life
Member # 23191
Member Rated:
|
posted May 12, 2009 07:51 AM
quote:
Originally posted by Ohanusi:
on the cisco ca server
cry pki export newca pem terminal
will display the ca certificate. copy this without the header and paste on the client
when
cry pki authen (truspoint) is entered.
cry pki enrol ((trustpoint) on client will display pkcs10 requst. copy this without the header and paste on the ca server after the command below.
on the server in the global mode enter
pki ser newca request pkcs10 ter
paste the client displayed pkcs10 file without the header and hit the enter key.
it will display the granted certificate. Copy this and paste on the client by entering
cry pki import newlab certificate on the client (no certificate header too)
make sure the time on your cisco are in sync with the CA
Cheers
Ohanusi - you are the MAN! THANK you very much!
Mate - you've really helped me out - I see that you are in the UK, if you're around Farnborough or Devon let me know and I'll gladly get you a few pints! many thanks!!!
Posts: 1065 | From: UK | Registered: Sep 2007
| IP: Logged
|
|
Ohanusi
Guru
Member # 16782
Member Rated:
|
posted May 12, 2009 08:07 AM
Hi theevilmuffin,
Thanks, i'm in London, but i'm already drinking the virtual beer
Regards
Posts: 235 | From: UK | Registered: Aug 2005
| IP: Logged
|
|
UBBFriend: Email this page to someone!
Printer-friendly view of this topic