Spot on Marvin, after rereading the documentation I have done the same (only configured the CA Svr) and the trustpoint was indeed created automatically.

crypto pki server R2
 issuer-name cn=R2.cisco.com
 grant auto
 database url flash:
crypto pki trustpoint R2
 revocation-check crl
 rsakeypair R2

Thanks for the correction.

Stu

On Mon, Jul 6, 2009 at 6:20 PM, Marvin Greenlee <[email protected]> wrote:

> If you do not have a trustpoint defined, the router will create one when
> you "no shut" the pki server, using the same name as the pki server name.
>
> Rack1R6(config)#do sho run | i pki
> Rack1R6(config)#crypto pki server TEST
> Rack1R6(cs-server)#grant auto
> Rack1R6(cs-server)#do show run | i pki
> crypto pki server TEST
> Rack1R6(cs-server)#no shut
> %Some server settings cannot be changed after CA certificate generation.
> % Please enter a passphrase to protect the private key
> % or type Return to exit
> Password:
> .Jul 6 10:16:04.871: %PKI-6-CS_GRANT_AUTO: All enrollment requests will be automatically granted.
> Re-enter password:
> % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
> % Exporting Certificate Server signing certificate and keys...
> Rack1R6(cs-server)#do show run | i pki
> crypto pki server TEST
> crypto pki trustpoint TEST
> crypto pki certificate chain TEST
>
> Regards,
> Marvin Greenlee, CCIE #12237
> [email protected]
>
> --- On *Mon, 7/6/09, Stuart Hare <[email protected]>* wrote:
>
> From: Stuart Hare <[email protected]>
> Subject: Re: IOS CA + VPN Client , CCBOOTCAMP working solution below
> To: "Keith Barker" <[email protected]>
> Cc: "Piotr Kaluzny" <[email protected]>, "Willians Barboza" <
> [email protected]>, [email protected]
> Date: Monday, July 6, 2009, 6:11 AM
>
> Keith,
>
> Did you not include a pki trustpoint on the IOS CA?
>
> I have always included as they appear in the config guide examples, not
> sure if it is actually required though?
>
> Stu

--
Stuart Hare
[email protected]
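
A config check for the behaviour discussed in this thread, as an added example that is not part of the original messages: it parses a running-config and, for each "crypto pki server", reports whether a same-named trustpoint is present, which rsakeypair that trustpoint names, and whether "grant auto" is set. The function names and the sample layout (IOS-style one-space indentation) are assumptions made for the illustration.

```python
import re

# Constructed sample: the configuration posted in the message above,
# laid out with IOS-style one-space indentation for sub-commands.
SAMPLE_CONFIG = """\
crypto pki server R2
 issuer-name cn=R2.cisco.com
 grant auto
 database url flash:
!
crypto pki trustpoint R2
 revocation-check crl
 rsakeypair R2
"""


def parse_pki_sections(config):
    """Return {(kind, name): [sub-commands]} for server/trustpoint blocks."""
    sections, current = {}, None
    for line in config.splitlines():
        m = re.match(r"crypto pki (server|trustpoint) (\S+)\s*$", line)
        if m:
            current = sections.setdefault((m.group(1), m.group(2)), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level line closes the block
    return sections


def audit_ca_servers(config):
    """One report dict per certificate server found in the config."""
    sections = parse_pki_sections(config)
    reports = []
    for (kind, name), cmds in sorted(sections.items()):
        if kind != "server":
            continue
        tp = sections.get(("trustpoint", name))  # same name as the server
        keypair = next((c.split()[1] for c in tp or []
                        if c.startswith("rsakeypair ")), None)
        reports.append({
            "server": name,
            "trustpoint_present": tp is not None,
            "rsakeypair": keypair,
            "grant_auto": "grant auto" in cmds,
        })
    return reports


if __name__ == "__main__":
    for report in audit_ca_servers(SAMPLE_CONFIG):
        print(report)
```

Run against a full running-config rather than "show run | i pki" output, since the filtered output drops the sub-commands the check reads.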
