把cisco路由器配置成ca服务器
参考
clock set 10:00:00 Dec 23 2017
conf t
crypto key generate rsa general-keys label cisco1 exportable
crypto key export rsa cisco1 pem url nvram: 3des cisco123
show crypto key mypubkey rsa
ip http server
crypto pki server cisco1
database url nvram:
database level minimum
issuer-name CN=cisco1.cisco.com L=RTP C=US
lifetime ca-certificate 365
lifetime certificate 200
lifetime crl 24
cdp-url http://12.1.1.1/cisco1cdp.cisco1.crl
no shutdown
conf t
ip domain-name cisco.com
crypto key generate rsa
crypto ca trustpoint cisco
enrollment retry count 5
enrollment retry period 3
enrollment url http://12.1.1.1:80
revocation-check none
crypto ca authenticate cisco