Hey all,

When configuring your IOS router as a CA server, I've read that you need to configure that very CA server's trustpoint and authenticate & enroll with it.

In the past, every time I've configured a router as a CA server, the trustpoint is always auto-configured as soon as I "no shutdown" the CA server, i.e. I never configure the trustpoint on the CA server once I've set up the CA server itself. I then proceed to configure the other devices that need to enroll with the CA server, and they authenticate each other (authentication rsa-sig) successfully using the certificates when building VPNs.

The difference I've noticed, though, when I don't configure the trustpoint on the CA server is that with the auto-configured trustpoint on the CA server, the "enrollment url" statement isn't there. Example:

    crypto pki server R6CASERVER
     database url flash:
     grant auto
     no shutdown

    crypto pki trustpoint R6CASERVER
     enrollment url http://6.6.6.6:80   <- in the auto-configured trustpoint (once you run "no shutdown" above) this statement doesn't exist
     revocation-check crl

What is everybody else's experience when configuring CA servers, and what's the best recommendation for me to adopt going forward?

Mark
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
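The following is an added configuration example, not part of Mark's post or of any vendor documentation, that lays out the full CA-server and enrollment sequence the post is asking about. It keeps the post's server name R6CASERVER and CA address 6.6.6.6; the client name R1, the client's address 1.1.1.1, the second trustpoint R6ID on the CA router, the key size, and the lifetimes are assumptions chosen for illustration. The second trustpoint on the CA router is shown on the assumption that the CA router also needs an identity certificate of its own (e.g. because it terminates VPNs); the auto-created trustpoint R6CASERVER holds only the CA's self-signed certificate, which is why it carries no "enrollment url".

```text
! ===== R6: the CA server (6.6.6.6) =====
! SCEP enrollment runs over HTTP, so the HTTP server must be up.
ip http server

! Assumed: dedicated keypair for the CA; the server uses the pair
! whose label matches the server name.
crypto key generate rsa general-keys label R6CASERVER modulus 2048 exportable

crypto pki server R6CASERVER
 database url flash:
 database level complete
 issuer-name CN=R6CASERVER,O=lab
 lifetime ca-certificate 1825
 lifetime certificate 365
 lifetime crl 24
 cdp-url http://6.6.6.6/R6CASERVER.crl
 ! "grant auto" signs every request that reaches the server.
 ! Fine in a lab; on a real network prefer manual granting (see below).
 grant auto
 no shutdown
! -> IOS now auto-creates trustpoint R6CASERVER holding the CA's
!    self-signed certificate. Nothing to authenticate or enroll there.

! Assumed: R6 also needs an identity cert for IKE rsa-sig, so it
! enrolls against itself through a second trustpoint.
crypto pki trustpoint R6ID
 enrollment url http://6.6.6.6:80
 subject-name CN=R6,O=lab
 revocation-check crl
 rsakeypair R6ID 2048
!
crypto pki authenticate R6ID
crypto pki enroll R6ID

! ===== R1: a VPN peer enrolling with R6 (1.1.1.1) =====
crypto pki trustpoint R6CASERVER
 enrollment url http://6.6.6.6:80
 subject-name CN=R1,O=lab
 revocation-check crl
 rsakeypair R1 2048
!
! Step 1: fetch the CA cert and VERIFY ITS FINGERPRINT out of band
! (compare with "show crypto pki server" on R6) before accepting it.
crypto pki authenticate R6CASERVER
! Step 2: submit the SCEP request; with "grant auto" the cert
! comes back immediately, otherwise an admin must grant it on R6.
crypto pki enroll R6CASERVER

! ===== Verification =====
! On R6:
show crypto pki server
show crypto pki server R6CASERVER requests
show crypto pki certificates R6ID
! On R1:
show crypto pki certificates R6CASERVER
show crypto pki trustpoints

! ===== Safer alternative to "grant auto" on R6 =====
! Leave "grant auto" out of the server block, then approve requests
! by hand after checking the requester's fingerprint:
crypto pki server R6CASERVER info requests
crypto pki server R6CASERVER grant all
```

Two practical checks worth keeping in the habit: compare the CA certificate fingerprint printed during "crypto pki authenticate" against the one shown on R6 before answering yes, since that step is what every later rsa-sig authentication trusts; and treat "grant auto" as a lab convenience only, because anyone who can reach the SCEP URL gets a certificate the VPN peers will accept.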
