How to Configure Signed Tcl Scripts
Example:
Device> enable
Step 2
configure terminal
Enters global configuration mode.
Example:
Device# configure terminal
Step 3
crypto pki trustpoint name
Declares the device is to use the Certificate Authority (CA) mytrust and enters ca-trustpoint configuration mode.
Example:
Device(config)# crypto pki trustpoint mytrust
Step 4
enrollment terminal
Specifies manual cut-and-paste certificate enrollment. When this command is enabled, the device displays the certificate
request on the console terminal, allowing you to enter the issued certificate on the terminal.
Example:
Device(ca-trustpoint)# enrollment terminal
Step 5
exit
Exits ca-trustpoint configuration mode and returns to global configuration mode.
Example:
Device(ca-trustpoint)# exit
Step 6
crypto pki authenticate name
Retrieves the CA certificate and authenticates it. Check the certificate fingerprint if prompted.
Because the CA signs its own certificate, you should manually authenticate the public key of the CA by contacting
Note
the CA administrator when you perform this command.
Example:
Device(config)# crypto pki authenticate mytrust
Step 7
At the prompt, enter the base-encoded CA certificate.
Example:
Enter the base 64 encoded CA certificate.
End with a blank line or the word "quit" on a line by itself
MIIEuDCCA6CgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBnjELMAkGA1UEBhMCVVMx
EzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMRwwGgYDVQQK
ExNDaXNjbyBTeXN0ZW1zLCBJbmMuMQ4wDAYDVQQLEwVOU1NURzEWMBQGA1UEAxMN
Sm9obiBMYXV0bWFubjEhMB8GCSqGSIb3DQEJARYSamxhdXRtYW5AY2lzY28uY29t
MB4XDTA2MTExNzE3NTgwMVoXDTA5MTExNjE3NTgwMVowgZ4xCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMREwDwYDVQQHEwhTYW4gSm9zZTEcMBoGA1UE
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
1836