Chapter 4
C Commands
Send documentation comments to mds-feedback-doc@cisco.com
crypto ca trustpoint
To create a trust point certificate authority (CA) that the switch should trust, and enter trust point
configuration submode (config-trustpoint), use the crypto ca trustpoint command in configuration
mode. To remove the trust point, use the no form of the command.
crypto ca trustpoint trustpoint-label
no crypto ca trustpoint trustpoint-label

Syntax Description
trustpoint-label    Specifies the name of the trust point. The maximum size is 64 characters.

Defaults
None.

Command Modes
Configuration mode.

Command History
Release    Modification
3.0(1)     This command was introduced.

Usage Guidelines
Trust points have the following characteristics:
• A trust point corresponds to a single CA, which an MDS switch trusts for peer certificate verification for any application.
• A CA must be explicitly associated to a trust point using the CA authentication process (the crypto ca authenticate command).
• An MDS switch can have many trust points, and all applications on the switch can trust a peer certificate issued by any of the trust point CAs.
• A trust point is not restricted to a specific application.
• The MDS switch can optionally enroll with a trust point CA to get an identity certificate for itself.

You do not need to designate one or more trust points to an application. Any application should be able to use any certificate issued by any trust point as long as the certificate purpose satisfies the application requirement.

You do not need more than one identity certificate from a trust point or more than one key pair associated to a trust point. A CA certifies a given identity (name) only once and does not issue multiple certificates with the same subject name. If you need more than one identity certificate for a CA, define another trust point for the same CA, associate another key pair to it, and have it certified, provided the CA allows multiple certificates with the same subject name.

Note    Before using the no crypto ca trustpoint command to remove the trust point, first delete the identity certificate and CA certificate (or certificate chain) and then disassociate the RSA key pair from the trust point. The switch enforces this behavior to prevent the accidental removal of the trust point along with

Cisco MDS 9000 Family Command Reference
OL-8413-07, Cisco MDS SAN-OS Release 3.x
4-117
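The following is an added example session, constructed for this page and not taken from the command reference or from Cisco. It shows a trust point being created, bound to an RSA key pair, and associated with its CA, and then removed later in the order the Note above requires (identity certificate, CA certificate or chain, key pair, and only then the trust point). Of the commands shown, only crypto ca trustpoint and crypto ca authenticate appear on this page; the rsakeypair, delete certificate, delete ca-certificate and no rsakeypair submode commands, the prompt text, and the names admin-ca and myKey are assumptions.

```text
! Added example session; constructed, not from the Cisco command reference.
! Assumed: trust point label "admin-ca", RSA key pair label "myKey", and the
! config-trustpoint submode commands rsakeypair, delete certificate,
! delete ca-certificate, which this page does not document.

! --- Create the trust point and bind a key pair to it ---
switch# config terminal
switch(config)# crypto ca trustpoint admin-ca
switch(config-trustpoint)# rsakeypair myKey
switch(config-trustpoint)# exit

! --- Associate the CA with the trust point (CA authentication) ---
! Assumed behaviour: the switch prompts for the CA certificate (or chain)
! in PEM form and shows its fingerprint for confirmation. Compare that
! fingerprint with the value published by the CA operator before accepting.
switch(config)# crypto ca authenticate admin-ca

! --- Later: remove the trust point in the order the Note requires ---
switch(config)# crypto ca trustpoint admin-ca
switch(config-trustpoint)# delete certificate        ! 1. identity certificate
switch(config-trustpoint)# delete ca-certificate     ! 2. CA certificate or chain
switch(config-trustpoint)# no rsakeypair myKey       ! 3. disassociate the key pair
switch(config-trustpoint)# exit
switch(config)# no crypto ca trustpoint admin-ca     ! 4. now the trust point can be removed
```

Running the removal steps in this order keeps the switch's enforcement from rejecting the no crypto ca trustpoint command, and it makes the teardown explicit in the configuration history: each certificate and the key binding is removed by its own command rather than disappearing as a side effect of deleting the trust point.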