How to request and install an SSL Certificate on a Cisco router.
Create a new trustpoint
R01(config)# crypto pki trustpoint vpn.example.com-2019
R01(ca-trustpoint)# enrollment terminal
R01(ca-trustpoint)# serial-number none
R01(ca-trustpoint)# fqdn vpn.example.com
R01(ca-trustpoint)# ip-address none
R01(ca-trustpoint)# subject-name CN=vpn.example.com,O=Example,OU=IT,L=Guernsey,ST=Guernsey,C=GG
R01(ca-trustpoint)# revocation-check none
R01(ca-trustpoint)# exit
Generate the CSR
R01(config)# cry pki enroll vpn.example.com-2019
% Start certificate enrollment ..
Send the generated CSR to a certificate authority, then download the issued certificate and the intermediate certificate in Base64 format.
Import the certificates
R01(config)# crypto pki authenticate vpn.example.com-2019
Enter the base 64 encoded CA certificate.
End with a blank line or the word "quit" on a line by itself
Trustpoint "vpn.example.com-2019" is a subordinate CA and holds a non self sgned cert
Certificate has the following attributes:
Fingerprint MD5:
Fingerprint SHA1:
% Do you accept this certificate? [yes/no]: yes
Trustpoint CA certificate accepted.
% Certificate successfully imported
R01(config)# crypto pki import vpn.example.com-2019 certificate
Enter the base 64 encoded certificate.
End with a blank line or the word "quit" on a line by itself
% Router Certificate successfully imported
Reconfigure the SSL-VPN to point to the new trustpoint
R01(config)# webvpn gateway Cisco-WebVPN-Gateway
R01(config-webvpn-gateway)# ssl trustpoint vpn.example.com-2019
R01(config-webvpn-gateway)# end
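Checking the CA fingerprint before answering yes
The "Do you accept this certificate?" prompt in the import step is where the router asks you to vouch for the CA certificate. The Python script below is an added example, not part of the original procedure: it computes the MD5 and SHA1 fingerprints of every certificate in a PEM file so they can be compared with the values the router prints. The 8-digit grouping is an assumption about the router's display layout, and SAMPLE_PEM is a constructed placeholder rather than a real certificate.

```python
import base64
import hashlib
import re

# Constructed placeholder input: two PEM-armoured blocks whose bodies decode to
# b"abc" and b"hello". They are NOT real certificates; substitute the CA file
# downloaded from your certificate authority.
SAMPLE_PEM = """\
-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
aGVsbG8=
-----END CERTIFICATE-----
"""

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def group8(hexdigest):
    """Format a hex digest as upper-case groups of 8 (assumed display layout)."""
    h = hexdigest.upper()
    return " ".join(h[i:i + 8] for i in range(0, len(h), 8))


def fingerprints(pem_text):
    """Return one {'MD5': ..., 'SHA1': ...} dict per certificate block."""
    result = []
    for body in PEM_BLOCK.findall(pem_text):
        # The fingerprint is a hash of the DER bytes, not of the PEM text.
        der = base64.b64decode("".join(body.split()), validate=True)
        result.append({
            "MD5": group8(hashlib.md5(der).hexdigest()),
            "SHA1": group8(hashlib.sha1(der).hexdigest()),
        })
    if not result:
        raise ValueError("no PEM certificate block found")
    return result


def matches(displayed, expected):
    """Compare a fingerprint copied from the router with a computed one,
    ignoring case, spaces and colons."""
    def norm(s):
        return re.sub(r"[\s:]", "", s).upper()
    return norm(displayed) == norm(expected)


if __name__ == "__main__":
    for i, fp in enumerate(fingerprints(SAMPLE_PEM)):
        print(i, fp["MD5"], "|", fp["SHA1"])
```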