Easy way to create a CA server for testing purposes.
hostname CA
crypto key generate rsa label PKI modulus 2048
ip http server
crypto pki server PKI
database url flash:
database level complete
issuer-name cn=rootca.test.local
hash sha256
database archive pkcs12 password Cisco123
grant auto
no shut
crypto pki export PKI pem url flash:
yes
tftp-server flash:PKI.ca
crypto pki export PKI pem terminal !Get a text based version of the CA cert.
Config your Network interfaces.
Gen a CSR on whatever you need a cert for.
Then back on the router, use the CSR to gen a cert.
crypto pki server PKI request pkcs10 terminal
Paste in your CSR, and the router will output the cert in base64.
0 Comments