Specifications

ManualsBrandsCisco ManualsComputer equipment7935 - IP Conference Station VoIP Phone

121

122

123

124

125

126

127

128

129

130

Setting Up Secure Survivable Remote Site Telephony

How to Configure Secure SRST

117

Cisco Unified Survivable Remote Site Telephony Version 4.0 System Administrator Guide

Examples

The following example autoenrolls and authenticates the SRST router.

Router(config)# crypto pki trustpoint srstca

Router(ca-trustpoint)# enrollment url http://10.1.1.22

Router(ca-trustpoint)# revocation-check none

Router(ca-trustpoint)# exit

Router(config)# crypto pki authenticate srstca

Certificate has the following attributes:

Fingerprint MD5: 4C894B7D 71DBA53F 50C65FD7 75DDBFCA

Fingerprint SHA1: 5C3B6B9E EFA40927 9DF6A826 58DA618A BF39F291

% Do you accept this certificate? [yes/no]: y

Trustpoint CA certificate accepted.

Router(config)# crypto pki enroll srstca

% Start certificate enrollment ..

% Create a challenge password. You will need to verbally provide this

password to the CA Administrator in order to revoke your certificate.

For security reasons your password will not be saved in the configuration.

Please make a note of it.

Password:

Re-enter password:

% The fully-qualified domain name in the certificate will be: router.cisco.com

% The subject name in the certificate will be: router.cisco.com

% Include the router serial number in the subject name? [yes/no]: y

% The serial number in the certificate will be: D0B9E79C

% Include an IP address in the subject name? [no]: n

Request certificate from CA? [yes/no]: y

% Certificate request sent to Certificate Authority

% The certificate request fingerprint will be displayed.

% The 'show crypto pki certificate' command will also show the fingerprint.

Sep 29 00:41:55.427: CRYPTO_PKI: Certificate Request Fingerprint MD5: D154FB75

2524A24D 3D1F5C2B 46A7B9E4

Sep 29 00:41:55.427: CRYPTO_PKI: Certificate Request Fingerprint SHA1: 0573FBB2

98CD1AD0 F37D591A C595252D A17523C1

Sep 29 00:41:57.339: %PKI-6-CERTRET: Certificate received from Certificate Authority

Step 5

crypto pki authenticate

name

Example:

Router(config)# crypto pki authenticate srstca

Authenticates the CA (by getting the certificate from the

CA).

• Takes the name of the CA as the argument.

Step 6

crypto pki enroll

name

Example:

Router(config)# crypto pki enroll srstca

Obtains the SRST router certificate from the CA.

• Takes the name of the CA as the argument.

Command or Action Purpose