Under the trustpoint, if you do

    crypto pki trustpoint CA
     fqdn none

you should get a DN that is the subject-name, exactly as specified. If you do not use "fqdn none", IOS will helpfully (not) try to add the FQDN to the subject-name as an unstructuredName component of the DN. I found this behaviour annoying as unstructuredName isn't commonly used and it pollutes the subject-name. This is an IOS quirk. To have full control of your subject-name when creating the cert request you will need "fqdn none" under the trustpoint.

Regards
Richard
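One way to check a request's subject for the unstructuredName component described above. This is an added example, not part of the original post or any Cisco tooling: it walks a DER-encoded subject Name with the standard library only, and assumes the Name has already been extracted from the request. The two sample subjects are constructed, not router output.

```python
# Added example. OID of PKCS#9 unstructuredName, the attribute the post describes.
UNSTRUCTURED_NAME = "1.2.840.113549.1.9.2"

def read_tlv(buf, pos=0):
    """Return (tag, body, next_pos) for the DER TLV starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(body):
    """Yield the body of each TLV packed back to back inside body."""
    pos = 0
    while pos < len(body):
        _, inner, pos = read_tlv(body, pos)
        yield inner

def decode_oid(body):
    """Dotted form of an OID body (first arc 0 or 1, or 2 with second arc < 40)."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for byte in body[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def subject_oids(name_der):
    """Attribute type OIDs of a DER Name, in encoded order."""
    tag, rdns, _ = read_tlv(name_der)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    # Name -> SET (RDN) -> SEQUENCE (attribute), whose first element is the OID.
    return [decode_oid(read_tlv(atv)[1])
            for rdn in children(rdns) for atv in children(rdn)]

def has_unstructured_name(name_der):
    return UNSTRUCTURED_NAME in subject_oids(name_der)

# Constructed sample: CN=r1, O=Example (the subject exactly as specified).
CLEAN = bytes.fromhex("301f310b300906035504030c0272313110300e"
                      "060355040a0c074578616d706c65")
# Constructed sample: unstructuredName=r1.example.invalid, then CN=r1.
POLLUTED = bytes.fromhex("30303121301f06092a864886f70d0109021612"
                         "72312e6578616d706c652e696e76616c6964"
                         "310b300906035504030c027231")
```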
