To manually add certificates, use the certificate chain configuration command. Use the no form of this command to delete your router's certificate or any RA certificates stored on your router.
certificate certificate-serial-number
no certificate certificate-serial-number
certificate-serial-number Specify the serial number of the certificate to add or delete.
There are no defaults for this command.
Certificate chain configuration (config-cert-chain)
| Release | Modification | 11.3 T | This command was introduced. |
|---|
You could use this command to manually specify a certificate. However, this command is rarely used in this manner. Instead, this command is usually only used to delete certificates.
The following example deletes the router's certificate. In this example, the router had a general purpose RSA key pair with one corresponding certificate. The show command is used in this example to determine the serial number of the certificate to be deleted.
myrouter# show crypto ca certificates
Certificate
Subject Name
Name: myrouter.companyx.com
IP Address: 10.0.0.1
Status: Available
Certificate Serial Number: 0123456789ABCDEF0123456789ABCDEF
Key Usage: General Purpose
CA Certificate
Status: Available
Certificate Serial Number: 3051DF7123BEE31B8341DFE4B3A338E5F
Key Usage: Not Set
myrouter# configure terminal
myrouter(config)# crypto ca certificate chain myca
myrouter(config-cert-chain)# no certificate 0123456789ABCDEF0123456789ABCDEF
% Are you sure you want to remove the certificate [yes/no]? yes
% Be sure to ask the CA administrator to revoke this certificate.
myrouter(config-cert-chain)# exit
myrouter(config)#| Command | Description |
|---|---|
| crypto ca certificate chain | Enters the certificate chain configuration mode. |
Printed for apswan@ctr.ap.nic.in on Wed Mar 5 22:32:57 PST 2003
All material in this document copyright 2000 Cisco Systems, Inc. All rights reserved. No material may be reproduced or distributed without written permission of Cisco Systems, Inc.