Leaflet
9-10
思科 ASA 系列命令参考,A 至 H 命令
第 9 章 crypto am-disable 至 crypto ipsec ikev1 transform-set mode transport 命令
crypto ca enroll
% Certificate request sent to Certificate authority.
% The certificate request fingerprint will be displayed.
% The ‘show crypto ca certificate’ command will also show the fingerprint.
ciscoasa(config)#
以下示例展示 CA 证书的手动注册:
ciscoasa(config)# crypto ca enroll tp1
% Start certificate enrollment ..
% The fully-qualified domain name in the certificate will be: xyz.example.com
% The subject name in the certificate will be: wb-2600-3.example.com
if serial number not set in trustpoint, prompt:
% Include the router serial number in the subject name?[yes/no]: no
If ip-address not configured in trustpoint:
% Include an IP address in the subject name?[no]: yes
Enter Interface name or IP Address[]: 1.2.3.4
Display Certificate Request to terminal?[yes/no]: y
Certificate Request follows:
MIIBFTCBwAIBADA6MTgwFAYJKoZIhvcNAQkIEwcxLjIuMy40MCAGCSqGSIb3DQEJ
AhYTd2ItMjYwMC0zLmNpc2NvLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDT
IdvHa4D5wXZ+40sKQV7Uek1E+CC6hm/LRN3p5ULW1KF6bxhA3Q5CQfh4jDxobn+A
Y8GoeceulS2Zb+mvgNvjAgMBAAGgITAfBgkqhkiG9w0BCQ4xEjAQMA4GA1UdDwEB
/wQEAwIFoDANBgkqhkiG9w0BAQQFAANBACDhnrEGBVtltG7hp8x6Wz/dgY+ouWcA
lzy7QpdGhb1du2P81RYn+8pWRA43cikXMTeM4ykEkZhLjDUgv9t+R9c=
---End - This line not part of the certificate request---
Redisplay enrollment request?[yes/no]: no
ciscoasa(config)#
相关命令
命令 说明
crypto ca authenticate
获取此信任点的 CA 证书。
crypto ca import
pkcs12
安装从 CA 收到的证书以响应手动注册请求。
crypto ca trustpoint
进入指定信任点的加密 CA 信任点配置模式。