crypto ca authenticate
To authenticate the certification authority (CA) by getting the certificate for the CA, use the crypto ca
authenticate command.
crypto ca authenticate ca-name
Syntax Description
Name of the CA Server.
ca-name
Command Default
None
Command Modes
EXEC
Command History
ModificationRelease
This command was introduced.Release 2.0
The example output was modified.Release 3.6.0
Usage Guidelines
The crypto ca authenticate command is required when you initially configure CA support at your router.
This command authenticates the CA to your router by obtaining the CA certificate, which contains the public
key for the CA. For self-signed root CA, because the CA signs its own certificate, you should manually
authenticate the CA public key by contacting the CA administrator when you use this command. The certificate
fingerprint matching is done out-of-band (for example, phone call, and so forth).
Authenticating a second-level CA requires prior authentication of the root CA.
After the crypto ca authenticate command is issued and the CA does not respond by the specified timeout
period, you must obtain terminal control again to re-enter the command.
Task ID
OperationsTask ID
executecrypto
Examples
The CA sends the certificate, and the router prompts the administrator to verify the certificate by checking
the certificate fingerprint (a unique identifier). The CA administrator can also display the CA certificate
fingerprint, so you should compare what the CA administrator sees to what the router displays on the screen.
If the fingerprint on the display matches the fingerprint displayed by the CA administrator, you should accept
the certificate as valid.
Cisco IOS XR System Security Command Reference for the Cisco CRS Router, Release 4.1
188 OL-24740-01
Public Key Infrastructure Commands
crypto ca authenticate
To Next Page
Loading...
Need help?
General
