Hey, Jason, I once ran into this limitation in real life. We suggested our client to move into certificate based authentication from PSK for their 80+ remote routers and part of this suggestion was using IOS CA. But when it came to seeing hostnames or just anything that would give a clue whom a particular certificate was issued we had to scratch our heads and opt for Microsoft CA. It's so user unfriendly to use IOS CA for this purposes in large production environment. You were right, looking into the content of CNM file will tell you the hostname but it's an overhead that creates some burden on the administrator.
Eugene From: [email protected] [mailto:[email protected]] On Behalf Of Jason Madsen Sent: Sunday, September 02, 2012 12:41 PM To: [email protected] Subject: [OSL | CCIE_Security] See IOS Cert's Issued From IOS CA Hi all, I'm having a brain fart. How do we see a list of Cert's that have been issued from the CLI on the CA? "Show crypto pki cert verb" only shows local certs, and "show cryp pki server" only shows the number of the last cert issued, but not necessarily to whom it was granted. I'm looking for a full list of Cert's granted, so that I can manually revoke some by serial number etc. I know I can see Cert info from each device that obtained a Cert, but I want to see this info on the CA. Thanks, Jason
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
