[svc] cisco router as ca server

把cisco路由器配置成ca服务器

参考

clock set 10:00:00 Dec 23 2017
conf t
crypto key generate rsa general-keys label cisco1 exportable
crypto key export rsa cisco1 pem url nvram: 3des cisco123
show crypto key mypubkey rsa
ip http server

crypto pki server cisco1
database url nvram:
database level minimum
issuer-name CN=cisco1.cisco.com L=RTP C=US
lifetime ca-certificate 365 
lifetime certificate 200 
lifetime crl 24
cdp-url http://12.1.1.1/cisco1cdp.cisco1.crl
no shutdown



conf t
ip domain-name cisco.com
crypto key generate rsa


crypto ca trustpoint cisco
    enrollment retry count 5
    enrollment retry period 3
    enrollment url http://12.1.1.1:80
    revocation-check none

crypto ca authenticate cisco