![]() In this case, both 'Server Authentication' and 'Client Authentication' are seen on the server certificate and client certificate respectively, which is acceptable. Typically, the same CA is used to sign both the client and server certificates. The certificate must have the EKU fields set to 'Server Authentication' for Cisco IOS and 'Client Authentication' for the client. Issuer-name cn=,ou=TAC,o=ciscoĬonfigure Cisco IOS Headend Obtain a Certificate If you use a Cisco IOS CA server, make sure you use the most recent Cisco IOS Software release, which assigns the EKU. KeyUsage = nonRepudiation, digitalSignature, keyEncipherment, dataEnciphermentĮxtendedKeyUsage = serverAuth, clientAuth Cisco IOS CA Server ![]() The 'config' file for the OpenSSL server should have: OpenSSL CA is based on the 'config' file. However, the steps in this section show you how to configure the CA so it can issue certificates for this kind of deployment. This document does not provide detailed steps on how to set up a CA. Note: Use the Command Lookup Tool ( registered customers only) in order to obtain more information on the commands used in this section. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |