crypto ca enroll
To obtain a router certificate from the certification authority (CA), use the crypto ca enroll command.
crypto ca enroll ca-name
Syntax Description
ca-name        Name of the CA server.
Command Default
None
Command Modes
EXEC
Command History
Release        Modification
Release 2.0    This command was introduced.
Usage Guidelines
Use the crypto ca enroll command to request certificates from the CA for the Rivest, Shamir, and Adleman
(RSA) key pairs for the router defined by the rsakeypair command in trustpoint configuration
mode. If no rsakeypair command is configured for the current trustpoint, the default RSA key
pair is used for enrollment. This task is also known as enrolling with the CA. (Enrolling and obtaining
certificates are two separate events, but they both occur when the crypto ca enroll command is issued.) When
using manual enrollment, these two operations occur separately.
The router needs a signed certificate from the CA for each of the RSA key pairs on the router. If you previously
generated general-purpose keys, this command obtains the one certificate corresponding to the one
general-purpose RSA key pair. If you previously generated special-usage keys, this command obtains two
certificates, one for each of the special-usage RSA key pairs.
If you already have a certificate for your keys, you are unable to configure this command; instead, you are
prompted to remove the existing certificate first. (You can remove existing certificates by removing the
trustpoint configuration with the no crypto ca trustpoint command.)
The crypto ca enroll command is not saved in the router configuration.
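As an added example (not part of the Cisco reference), the following Python check reads a saved running-config and reports which RSA key pair each trustpoint would enroll with, listing the trustpoints that have no rsakeypair line and therefore fall back to the default key pair. The config excerpt, trustpoint names, key labels, and URLs are constructed, and the one-space-indented block layout is an assumption about how the configuration was exported.

```python
import re

# Constructed running-config excerpt (not from a real router).
# Trustpoint names, key labels and URLs are placeholders.
SAMPLE_CONFIG = """\
crypto ca trustpoint lab-ca
 enrollment url http://ca.example.test
 rsakeypair lab-key
!
crypto ca trustpoint branch-ca
 enrollment url http://ca2.example.test
!
crypto ca trustpoint dmz-ca
 rsakeypair lab-key
!
"""

DEFAULT_KEY = "<default RSA key pair>"

def enrollment_keys(config_text):
    """Map each trustpoint to the key pair `crypto ca enroll` would use."""
    keys, current = {}, None
    for line in config_text.splitlines():
        start = re.match(r"crypto ca trustpoint (\S+)\s*$", line)
        if start:
            current = start.group(1)
            keys[current] = DEFAULT_KEY  # until an rsakeypair line says otherwise
        elif not line.startswith(" "):
            current = None  # '!' or a new top-level command closes the block
        elif current:
            key = re.match(r"\s+rsakeypair (\S+)\s*$", line)
            if key:
                keys[current] = key.group(1)
    return keys

def default_key_trustpoints(config_text):
    """Trustpoints with no rsakeypair line: enrollment uses the default key pair."""
    return sorted(tp for tp, k in enrollment_keys(config_text).items() if k == DEFAULT_KEY)

def trustpoints_by_key(config_text):
    """Group trustpoints by the key pair their certificates would be issued for."""
    groups = {}
    for tp, key in enrollment_keys(config_text).items():
        groups.setdefault(key, []).append(tp)
    return {key: sorted(tps) for key, tps in groups.items()}

if __name__ == "__main__":
    for tp, key in enrollment_keys(SAMPLE_CONFIG).items():
        print(f"{tp}: {key}")
    print("fallback to default key pair:", default_key_trustpoints(SAMPLE_CONFIG))
```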
Task ID
Task ID        Operations
crypto         execute
Cisco IOS XR System Security Command Reference for the Cisco CRS Router, Release 4.1
OL-24740-01
Public Key Infrastructure Commands