Cisco CCNA (640-553) Security Training – Using the "Certificate" Command
In today's article, I'm going to quickly inform you about the Cisco IOS certificate chain configuration mode command named "certificate" .
Network administrators (like you) use the "certificate" command to manually add or delete certificates.
Below is the command syntax:
certificate certificate-serial-number
As you can see, the command is very easy to implement; the certificate-serial-number argument, is the serial number of the certificate that is to be either added or deleted.
In the examples below, the certificate with the serial number of "0123456789ABCDEF0123456789ABCDEF" is being added; then deleted. (Example # 1 is adding and Example # 2 is deleting)
Example # 1
Router> enable
Router # configure terminal
Router (config) #crypto ca certificate chain ittechtipsca
Router (config-cert-chain) # certificate 0123456789ABCDEF0123456789ABCDEF
Router (config-cert-chain) #end
Router # copy run start
Example # 2
Router> enable
Router # configure terminal
Router (config) #crypto ca certificate chain ittechtipsca
Router (config-cert-chain) # no certificate 0123456789ABCDEF0123456789ABCDEF
% Are you sure you want to remove the certificate [yes / no]? yes
% Be sure to ask the CA administrator to revoke this certificate.
Router (config-cert-chain) #end
Router # copy run start
As you can see, the way to delete a certificate is to type the word " no " in front of the command.
And, if you decide to use the command, make sure your router (s) is running Cisco IOS 11.3 T or higher.
I hope this article was very informative and helped you quickly understand the usage of the certificate command. If you need to learn more; I suggest you visit my website, were you'll find the latest information regarding the Cisco CCNA (640-553) Security exam techniques.
To your success,
