I knew, this will be your reply. Doing it for 80 clients would be difficult.
Cisco developed IOS CA server for a small scale not for an enterprise.

With regards
Kings

On Fri, Jun 1, 2012 at 1:01 PM, Eugene Pefti <[email protected]> wrote:

> I knew about this, Kings.
>
> It’s not very user-friendly. This is how the nvram content of CA server
> looks like:
>
> R6#dir nvram:
> Directory of nvram:/
>
>   236  -rw-        2255  <no date>  startup-config
>   237  ----          24  <no date>  private-config
>   238  -rw-        2255  <no date>  underlying-config
>     1  -rw-           0  <no date>  ifIndex-table
>     2  ----          80  <no date>  persistent-data
>     3  -rw-        2945  <no date>  cwmp_inventory
>     6  -rw-          32  <no date>  IOS-CA.ser
>     7  -rw-         802  <no date>  0x1.crt
>     8  -rw-          72  <no date>  0x1.cnm
>     9  -rw-         403  <no date>  IOS-CA.crl
>    10  -rw-        2411  <no date>  IOS-CA_00001.p12
>    13  -rw-         706  <no date>  0x2.crt
>    14  -rw-          94  <no date>  0x2.cnm
>    15  -rw-         689  <no date>  0x3.crt
>    16  -rw-          84  <no date>  0x3.cnm
>    17  -rw-         709  <no date>  0x4.crt
>    18  -rw-          94  <no date>  0x4.cnm
>    19  -rw-         757  <no date>  0x5.crt
>    20  -rw-          94  <no date>  0x5.cnm
>    21  -rw-         760  <no date>  0x6.crt
>    22  -rw-          94  <no date>  0x6.cnm
>
> Can you imagine 80+ remote devices with their respective HEX file names?
> How would one know which is which? Let’s say the remote device is
> compromised or even stolen. The CA administrator will need to quickly find
> the serial number of the certificate issued to this device in question. It
> all creates some overhead on the CA admin to keep a mapping of certificates
> S/N and the devices hostnames. Not very appealing option as opposed to
> Microsoft CA where one can quickly consult Issued certificates and find the
> needed one based on the device hostname.
>
> Eugene
>
> *From:* Kingsley Charles [mailto:[email protected]]
> *Sent:* Friday, June 01, 2012 12:00 AM
> *To:* Eugene Pefti
> *Cc:* [email protected]
> *Subject:* Re: [OSL | CCIE_Security] Listing issued certificates on IOS CA
>
> You can.
>
> Have "database level complete" configured. There you can check for the
> .cnm file which has the enrolled host's subject name and the crt file will
> have the issued cert.
>
> With regards
> Kings
>
> On Fri, Jun 1, 2012 at 8:24 AM, Eugene Pefti <[email protected]> wrote:
>
> Hi guys,
> I wonder if I can see client certificates issued by the IOS CA on the
> router acting as CA. Of course I have a way to see the file names in the
> database but I need to see the hostname of the client that enrolled and
> received a certificate. Preparing an RFP to the client of ours and thinking
> of deploying an IOS based CA for their 80+ remote sites connecting to the
> hub HQ. Being able to revoke a certificate quickly and easily is important.
>
> Eugene
> Sent from iPhone
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
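One way to keep the serial-to-hostname mapping discussed in this thread, as an added example that is not part of the original messages: it pairs the `0xN.crt`/`0xN.cnm` names from a `dir nvram:` listing, reads the subject out of each `.cnm` body, and prints the revoke command for a given host. The `.cnm` bodies, the `subjectname_str = ...` layout, the hostname `branch17.example.net` and the CA label `IOS-CA` are assumptions made for illustration.

```python
import re

# A few lines in the shape of the "dir nvram:" output quoted in the thread.
DIR_NVRAM = """\
    6  -rw-          32  <no date>  IOS-CA.ser
    7  -rw-         802  <no date>  0x1.crt
    8  -rw-          72  <no date>  0x1.cnm
   13  -rw-         706  <no date>  0x2.crt
   14  -rw-          94  <no date>  0x2.cnm
   15  -rw-         689  <no date>  0x3.crt
"""

# Constructed .cnm bodies (as would be collected with "more nvram:0x2.cnm");
# the key/value layout is an assumption, not output shown in the thread.
CNM_BODIES = {
    "0x1.cnm": "subjectname_str = cn=IOS-CA\n",
    "0x2.cnm": "subjectname_str = hostname=branch17.example.net\n",
}

def files_by_serial(listing):
    """Map each hex file stem ('0x2') to the extensions present for it."""
    found = {}
    for m in re.finditer(r"\s(0x[0-9A-Fa-f]+)\.(crt|cnm)[ \t]*$", listing, re.M):
        found.setdefault(m.group(1), set()).add(m.group(2))
    return found

def build_index(listing, cnm_bodies):
    """Return ({name: [serials]}, [serials issued but not mappable to a name])."""
    index, unmapped = {}, []
    stems = sorted(files_by_serial(listing).items(), key=lambda kv: int(kv[0], 16))
    for stem, exts in stems:
        if "crt" not in exts:
            continue  # a name record without an issued certificate
        body = cnm_bodies.get(stem + ".cnm", "")
        subj = re.search(r"^subjectname_str\s*=\s*(.+)$", body, re.M)
        name = re.search(r"(?:cn|hostname)=([^,\s]+)", subj.group(1), re.I) if subj else None
        if name:
            index.setdefault(name.group(1).lower(), []).append(int(stem, 16))
        else:
            unmapped.append(int(stem, 16))  # needs manual follow-up by the CA admin
    return index, unmapped

def revoke_command(ca_label, serial):
    """Exec-mode IOS command to revoke one serial on the CA server."""
    return f"crypto pki server {ca_label} revoke 0x{serial:X}"

if __name__ == "__main__":
    index, unmapped = build_index(DIR_NVRAM, CNM_BODIES)
    for serial in index.get("branch17.example.net", []):
        print(revoke_command("IOS-CA", serial))
    print("serials with no name record:", [hex(s) for s in unmapped])
```

Serials reported as unmapped are certificates whose `.cnm` record is missing or unreadable, which is the case where a lost device could not be matched to a serial from the database alone.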
