Just wanted to confirm if this was correct:

If a router is a certificate authority and you want to get a certificate for itself (as it will participate in DMVPN), then do you have to create a separate trustpoint? E.g.:

crypto pki trustpoint ca1
 rsakey ca1_rsa
crypto pki server ca1
 ....

then
crypto ca trustpoint local_ca1
 enrollment url http://1.1.1.1:80
 exit
crypto ca authenticate local_ca1
crypto ca enroll local_ca1

The reason I ask is that this is the only way I could find to enroll onto itself. When I try the following without creating another trustpoint, I get an error:

crypto ca trustpoint enroll ca1
% Trustpoint ca1 is used by the IOS CA. Manual enrollment not permitted.

thanks
