[Experience sharing] Issuing certificates to Cisco routers from a Microsoft CA server


Posted 2018-7-11 10:17:57
[screenshot omitted: DSC0000.png]

  The previous article covered building a CA on an IOS router to issue certificates for *** authentication; this time we look at using a Microsoft CA server to do certificate authentication for the router.
  Prerequisites:
  1. The IIS service is enabled on the CA.
  2. The Resource Kit Tools must be installed on Windows 2003 (PS: this tool is not on the 2003 installation CD; it has to be downloaded from Microsoft's official site -----> http://www.microsoft.com/downloads/details.aspx?FamilyID=9D467A69-57FF-4AE7-96EE-B18C4790CFFD&displaylang=en )
  3. The router's clock is synchronized with the CA / AD server.
  4. After installing the Resource Kit Tools, run Command Shell ---> enter cepsetup
[screenshots omitted: DSC0001.png, DSC0002.png, DSC0003.png]

  Make a note of this address; you will need it shortly.
[screenshot omitted: DSC0004.png]

  You can see that it has been created.
[screenshot omitted: DSC0005.png]

  Router configuration
  r1(config)#ip domain name liang.com
  r1(config)#ip host contoso.com.local 202.1.100.102   ! AD domain name and IP
  r1(config)#crypto key generate rsa usage-keys
  The name for the keys will be: r1.liang.com

  Choose the size of the key modulus in the range of 360 to 2048 for your
  Signature Keys. Choosing a key modulus greater than 512 may take
  a few minutes.
  How many bits in the modulus [512]: 1024

  Choose the size of the key modulus in the range of 360 to 2048 for your
  Encryption Keys. Choosing a key modulus greater than 512 may take
  a few minutes.
  How many bits in the modulus [512]: 1024
  % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
  % Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
  r1(config)#crypto pki trustpoint 202.1.100.102   ! trustpoint named after the CA address (implied by the prompts below; not shown in the original transcript)
  r1(ca-trustpoint)#enrollment mode ra
  r1(ca-trustpoint)#enrollment url http://202.1.100.102:80/certsrv/mscep/mscep.dll
  r1(ca-trustpoint)#revocation-check crl
  r1(ca-trustpoint)#subject-name cn=r2 ou=cisco i=zhengzhou
  r1(config)#crypto pki authenticate 202.1.100.102
  Certificate has the following attributes:
  Fingerprint MD5: A3267F58 9A9EC6F7 B829A0B8 8CDC239F
  Fingerprint SHA1: 840B5626 DC206B25 D422C745 027BE178 D9E43920
  % Do you accept this certificate? [yes/no]: yes
  Trustpoint CA certificate accepted.
  r1(config)#crypto pki enroll 202.1.100.102
  % Start certificate enrollment ..
  % Create a challenge password. You will need to verbally provide this
  password to the CA Administrator in order to revoke your certificate.
  For security reasons your password will not be saved in the configuration.
  Please make a note of it.
  Password:                                        ! the password is the challenge code shown on the CA web page
  Re-enter password:
  % The subject name in the certificate will include: cn=r2 ou=cisco i=zhengzhou
  % The subject name in the certificate will include: r1.liang.com
  % Include the router serial number in the subject name? [yes/no]: yes
  % The serial number in the certificate will be: 00000000
  % Include an IP address in the subject name? [no]: no
  Request certificate from CA? [yes/no]: yes
  % Certificate request sent to Certificate Authority
  % The 'show crypto ca certificate 202.1.100.102 verbose' command will show the fingerprint.
  r1(config)#
  May 18 18:17:14.655: CRYPTO_PKI: Signature Certificate Request Fingerprint MD5: D08E0D15 6458B730 80F420E7 50C7674C
  May 18 18:17:14.659: CRYPTO_PKI: Signature Certificate Request Fingerprint SHA1: 29F834C3 0C394456 D8149A94 312C9D1A 222F0802
  r1(config)#
  May 18 18:17:15.999: CRYPTO_PKI: Encryption Certificate Request Fingerprint MD5: AAF76201 20AB21BB F9A95518 ECBD7173
  May 18 18:17:16.007: CRYPTO_PKI: Encryption Certificate Request Fingerprint SHA1: 68D2A55C 39E71321 DDF2E5DD 913B2D56 B5F579D2
  r1(config)#
  May 18 18:18:30.399: %PKI-6-CERTRET: Certificate received from Certificate Authority
  r1(config)#
  May 18 18:18:42.011: %PKI-6-CERTRET: Certificate received from Certificate Authority
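The "% Do you accept this certificate?" prompt above is the one trust decision in the whole flow: the router only prints fingerprints, and the operator has to compare them with fingerprints computed from a copy of the CA certificate obtained by a separate path (for example exported on the CA server). The script below is an added example, not code from the post or from Cisco/Microsoft; it embeds the post's own router output and a constructed PEM stand-in (its body is the bytes "abc", not a real certificate), and it refuses to accept unless the SHA1 fingerprint matches.

```python
"""Out-of-band check of the CA fingerprints printed by `crypto pki authenticate`.

Added example, not code from the original post or from Cisco/Microsoft. Before
answering "yes" to "% Do you accept this certificate?", compute the fingerprints
of the CA certificate obtained by a separate path (exported on the CA server or
handed over by its administrator) and compare them with what the router prints.
"""
import base64
import hashlib
import re

# Router output copied from the post; the matching CA certificate is not available here.
ROUTER_OUTPUT = """Certificate has the following attributes:
Fingerprint MD5: A3267F58 9A9EC6F7 B829A0B8 8CDC239F
Fingerprint SHA1: 840B5626 DC206B25 D422C745 027BE178 D9E43920
% Do you accept this certificate? [yes/no]:"""

# Constructed stand-in for the exported CA certificate: the PEM body encodes the
# bytes b"abc", not a real X.509 structure, so only the hashing path is exercised.
CONSTRUCTED_CA_PEM = ("-----BEGIN CERTIFICATE-----\n"
                      + base64.b64encode(b"abc").decode()
                      + "\n-----END CERTIFICATE-----\n")

def pem_to_der(pem):
    """Strip the PEM armor and base64-decode the certificate body."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", pem)
    return base64.b64decode("".join(body.split()))

def ios_fingerprint(der, algo):
    """Hash the DER bytes and format them as IOS does: uppercase hex in groups of 8."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return " ".join(digest[i:i + 8] for i in range(0, len(digest), 8))

def parse_router_fingerprints(output):
    """Return {'MD5': ..., 'SHA1': ...} from the authenticate prompt text."""
    pattern = r"Fingerprint (MD5|SHA1):\s*([0-9A-Fa-f ]+)"
    return {m.group(1): m.group(2).strip() for m in re.finditer(pattern, output)}

def verify_ca_fingerprint(router_output, ca_pem):
    """Accept only on a SHA1 match; an MD5 match alone is not sufficient."""
    der = pem_to_der(ca_pem)
    shown = parse_router_fingerprints(router_output)
    mismatches = [algo for algo in ("MD5", "SHA1") if algo in shown
                  and shown[algo].replace(" ", "").upper() != ios_fingerprint(der, algo.lower()).replace(" ", "")]
    return "SHA1" in shown and "SHA1" not in mismatches, mismatches

if __name__ == "__main__":
    ok, bad = verify_ca_fingerprint(ROUTER_OUTPUT, CONSTRUCTED_CA_PEM)
    print("accept" if ok else "REJECT", "mismatched:", bad)
```

Replace CONSTRUCTED_CA_PEM with the CA certificate exported from the Windows CA and paste the router's prompt text into ROUTER_OUTPUT; only answer "yes" on the router when the verdict is accept.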
  If the challenge code is wrong:
  r3(config)#crypto pki enroll 202.1.100.102
  % Start certificate enrollment ..
  % Create a challenge password. You will need to verbally provide this
  password to the CA Administrator in order to revoke your certificate.
  For security reasons your password will not be saved in the configuration.
  Please make a note of it.
  Password:
  Re-enter password:
  % The subject name in the certificate will include: cn=r3 ou=nongda
  % The subject name in the certificate will include: r3.liang.com
  % Include the router serial number in the subject name? [yes/no]: no
  % Include an IP address in the subject name? [no]: no
  Request certificate from CA? [yes/no]: yes
  % Certificate request sent to Certificate Authority
  % The 'show crypto ca certificate 202.1.100.102 verbose' command will show the fingerprint.
  r3(config)#
  May 18 18:10:24.230: CRYPTO_PKI: Signature Certificate Request Fingerprint MD5: 3DAD7EC7 79B03CA2 562BDF92 28D9F25A
  May 18 18:10:24.234: CRYPTO_PKI: Signature Certificate Request Fingerprint SHA1: 72CBA0CB 1B060C8A EF95B12A 36BCAB99 5065E107
  r3(config)#
  May 18 18:10:25.582: CRYPTO_PKI: Encryption Certificate Request Fingerprint MD5: F0FA2EFE 11928FB6 33281E25 D53C1AFF
  May 18 18:10:25.586: CRYPTO_PKI: Encryption Certificate Request Fingerprint SHA1: 35ADC86F 3F46A70F A7B5FB0A 8164638E B3BEC32B
  r3(config)#
  May 18 18:10:27.066: %PKI-6-CERTREJECT: Certificate enrollment request was rejected by Certificate Authority
  May 18  (cannot be authorized)
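The two transcripts above differ only in their final message: r1 receives a %PKI-6-CERTRET for each of its two usage-key requests, while r3's wrong challenge code ends in %PKI-6-CERTREJECT. The following added example (not from the post) shows how a collector can pair the CRYPTO_PKI request-fingerprint lines with those results so that rejected or unanswered enrollments stand out; the sample log is constructed from the post's console lines with a hostname prefixed, as syslog would record them.

```python
"""Triage of IOS PKI enrollment syslog for the SCEP flow shown in the post.

Added example, not from the original post. It pairs each router's CRYPTO_PKI
request-fingerprint lines with the later %PKI-6-CERTRET / %PKI-6-CERTREJECT
result so that rejected or unanswered enrollments stand out. With usage-keys a
router submits two requests (signature and encryption) and should receive two
certificates.
"""
import re
from collections import defaultdict

# Constructed sample: the post's console lines with a hostname prefixed, as a
# syslog collector would store them (the router console itself prints none).
SAMPLE_LOG = """\
r1 May 18 18:17:14.659: CRYPTO_PKI: Signature Certificate Request Fingerprint SHA1: 29F834C3 0C394456 D8149A94 312C9D1A 222F0802
r1 May 18 18:17:16.007: CRYPTO_PKI: Encryption Certificate Request Fingerprint SHA1: 68D2A55C 39E71321 DDF2E5DD 913B2D56 B5F579D2
r1 May 18 18:18:30.399: %PKI-6-CERTRET: Certificate received from Certificate Authority
r1 May 18 18:18:42.011: %PKI-6-CERTRET: Certificate received from Certificate Authority
r3 May 18 18:10:24.234: CRYPTO_PKI: Signature Certificate Request Fingerprint SHA1: 72CBA0CB 1B060C8A EF95B12A 36BCAB99 5065E107
r3 May 18 18:10:25.586: CRYPTO_PKI: Encryption Certificate Request Fingerprint SHA1: 35ADC86F 3F46A70F A7B5FB0A 8164638E B3BEC32B
r3 May 18 18:10:27.066: %PKI-6-CERTREJECT: Certificate enrollment request was rejected by Certificate Authority
"""

REQUEST_RE = re.compile(r"^(\S+) .*CRYPTO_PKI: (Signature|Encryption) Certificate Request Fingerprint SHA1: ([0-9A-F ]+)$")
RESULT_RE = re.compile(r"^(\S+) .*%PKI-6-(CERTRET|CERTREJECT):")

def triage(log_text):
    """Return per-host request fingerprints, result counts and a status verdict."""
    state = defaultdict(lambda: {"requests": {}, "received": 0, "rejected": 0})
    for line in log_text.splitlines():
        if m := REQUEST_RE.match(line):
            state[m[1]]["requests"][m[2]] = m[3].strip()   # keyed by key usage
        elif m := RESULT_RE.match(line):
            state[m[1]]["received" if m[2] == "CERTRET" else "rejected"] += 1
    for s in state.values():
        if s["rejected"]:
            s["status"] = "REJECTED"   # CA refused the request, e.g. a wrong challenge code as in the post
        elif s["received"] < len(s["requests"]):
            s["status"] = "PENDING"    # request seen, certificate not (yet) returned
        else:
            s["status"] = "ENROLLED"
    return dict(state)

if __name__ == "__main__":
    for host, s in triage(SAMPLE_LOG).items():
        print(host, s["status"], "received", s["received"], "of", len(s["requests"]))
```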
[screenshots omitted: DSC0006.png, DSC0007.png, DSC0008.png, DSC0009.png]

Post URL: https://www.yunweiku.com/thread-536067-1-1.html