Specifications
Setting Up Secure Survivable Remote Site Telephony
How to Configure Secure SRST
116
Cisco Unified Survivable Remote Site Telephony Version 4.0 System Administrator Guide
SUMMARY STEPS
1. crypto pki trustpoint name
2. enrollment url url
3. revocation-check method1
4. exit
5. crypto pki authenticate name
6. crypto pki enroll name
DETAILED STEPS
Command or Action Purpose
Step 1
crypto pki trustpoint
name
Example:
Router(config)# crypto pki trustpoint srstca
Declares the CA that your router should use and enters
ca-trustpoint configuration mode.
• The name provided will be the same as the trustpoint
name that will be declared in the “Enabling Credentials
Service on the Secure SRST Router” section on
page 120.
Step 2
enrollment url
url
Example:
Router(ca-trustpoint)# enrollment url
http://10.1.1.22
Specifies the enrollment parameters of your CA.
• url url—Specifies the URL of the CA to which your
router should send certificate requests.
• If you are using Cisco proprietary SCEP for enrollment,
url must be in the form http://CA_name, where
CA_name is the host Domain Name System (DNS)
name or IP address of the Cisco IOS CA.
• If you used the procedure documented in the
“Configuring a Certificate Authority Server on a Cisco
IOS Certificate Server” section on page 113, the URL
is the IP address of the certificate server router
configured in Step 1. If a third-party CA was used, the
IP address is to an external CA.
Step 3
revocation-check
method1
Example:
Router(ca-trustpoint)# revocation-check none
Checks the revocation status of a certificate. The argument
method1 is the method used by the router to check the
revocation status of the certificate. For this task, the only
available method is none. The keyword none means that a
revocation check will not be performed and the certificate
will always be accepted.
• Using the none keyword is mandatory for this task.
Step 4
exit
Example:
Router(ca-trustpoint)# exit
Exits ca-trustpoint configuration mode and returns to global
configuration mode.