crypto ca trustpoint
To configure a trusted point with a selected name, use the crypto ca trustpoint command. To unconfigure a
trusted point, use the no form of this command.
crypto ca trustpoint ca-name
no crypto ca trustpoint ca-name
Syntax Description
ca-name    Name of the CA.
Command Default
None
Command Modes
Global configuration
Command History
Release          Modification
Release 2.0      This command was introduced.
Release 3.6.0    The example was modified to include the sftp-password command and sftp-username command.
Usage Guidelines
Use the crypto ca trustpoint command to declare a CA.
This command allows you to configure a trusted point with a selected name so that your router can verify
certificates issued to peers. Your router need not enroll with the CA that issued the certificates to the peers.
The crypto ca trustpoint command enters trustpoint configuration mode, in which you can specify
characteristics for the CA with the following commands:
• crl optional (trustpoint), on page 186 command—The certificates of other peers are accepted without
trying to obtain the appropriate CRL.
• enrollment retry count, on page 206 command—The number of certificate request retries your router
sends before giving up. Optional.
• enrollment retry period, on page 208 command—(Optional)—The time the router waits between
sending certificate request retries.
• enrollment url, on page 211 command—(Optional)—The URL of the CA.
• ip-address (trustpoint), on page 213 command—A dotted IP address that is included as an unstructured
address in the certificate request.
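An added example, not part of the Cisco reference: a Python check that reads a saved configuration, collects the subcommands under each crypto ca trustpoint block, and lists the trustpoints where crl optional is set, since those accept peer certificates without trying to obtain the CRL. The sample configuration, the CA names, the argument values, and the block layout (one-space indent, "!" terminator) are assumptions constructed for illustration.

```python
import re

# Constructed sample of a saved configuration (not taken from the page).
SAMPLE_CONFIG = """\
crypto ca trustpoint branch-ca
 crl optional
 enrollment url http://ca.example.test
 enrollment retry count 5
!
crypto ca trustpoint core-ca
 enrollment url http://ca.example.test
 ip-address 192.0.2.10
!
no crypto ca trustpoint old-ca
interface MgmtEth0/RP0/CPU0/0
 ipv4 address 192.0.2.1 255.255.255.0
!
"""

# Matches only the declaring form; the "no" form does not open a block.
TRUSTPOINT_RE = re.compile(r"^crypto ca trustpoint (\S+)\s*$")


def parse_trustpoints(config_text):
    """Return {ca-name: [subcommand, ...]} for each trustpoint block."""
    trustpoints, current = {}, None
    for line in config_text.splitlines():
        header = TRUSTPOINT_RE.match(line)
        if header:
            current = trustpoints.setdefault(header.group(1), [])
        elif current is not None and line.startswith(" ") and line.strip():
            current.append(line.strip())
        else:
            current = None  # "!" or any unindented line closes the block
    return trustpoints


def skips_crl_check(config_text):
    """Names of trustpoints that accept peer certificates without a CRL."""
    return sorted(name for name, cmds in parse_trustpoints(config_text).items()
                  if "crl optional" in cmds)


if __name__ == "__main__":
    for name in skips_crl_check(SAMPLE_CONFIG):
        print(f"trustpoint {name}: crl optional set, revocation not checked")
```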
Cisco IOS XR System Security Command Reference for the Cisco CRS Router, Release 4.1
194 OL-24740-01
Public Key Infrastructure Commands