Setting Up Cisco IOS Router as CA Server
Configuration Steps
Pre-Requisites
- Configure the interface on which to service requests
- Configure appropriate static/dynamic routing to reach requesting devices
- Ensure time on the device is correct (NTP recommended)
Generate the public/private keys
crypto key generate rsa general-keys exportable label <CA-LABEL> modulus 2048
Export the keys (public and private)
crypto key export rsa <label-name> pem url nvram: <encryption> <key>
Enable HTTP Server for SCEP requests
ip http server
Create CA Server
crypto pki server <db-name>
database level minimum
database url nvram:
issuer-name <cn=xxxxx, c=xxxxx>
lifetime certificate <days>
grant [auto]
no shutdown
Note
You will be prompted to enter a password to protect the private key.
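The following pre-deployment check is an added example, not part of the original page or of any Cisco tooling. It lints a pasted configuration snippet against the steps above (time source, HTTP server for SCEP, CA server block) and flags `grant auto`; the sample configuration, its names and addresses, and the function names are constructed for illustration.

```python
import re

# Constructed sample: the commands from the steps above with made-up values.
SAMPLE_CONFIG = """\
ntp server 192.0.2.10
ip http server
crypto pki server LAB-CA
 database level minimum
 database url nvram:
 issuer-name cn=LAB-CA, c=US
 lifetime certificate 365
 grant auto
 no shutdown
"""

def parse_ca_servers(config):
    """Return {server-name: [sub-commands]} for each 'crypto pki server' block."""
    servers, current = {}, None
    for line in config.splitlines():
        m = re.match(r"crypto pki server (\S+)", line)
        if m:
            current = servers.setdefault(m.group(1), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # any other top-level line closes the block
    return servers

def audit(config):
    """Return findings for a config snippet, checked against the steps above."""
    findings = []
    top = [l.strip() for l in config.splitlines() if l and not l.startswith(" ")]
    if not any(l.startswith(("ntp server", "ntp peer")) for l in top):
        findings.append("no NTP source: device time must be correct")
    if "ip http server" not in top:
        findings.append("ip http server missing: SCEP requests will not be served")
    servers = parse_ca_servers(config)
    if not servers:
        findings.append("no 'crypto pki server' block found")
    for name, cmds in servers.items():
        if "grant auto" in cmds:
            findings.append(f"{name}: grant auto issues certificates without manual approval")
        if not any(c.startswith("lifetime certificate ") for c in cmds):
            findings.append(f"{name}: no explicit lifetime certificate")
        if "no shutdown" not in cmds:
            findings.append(f"{name}: server never enabled (no shutdown missing)")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```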