User's Manual
Catalyst 6500 Series Switch WebVPN Module Command Reference—Release 1.1
OL-7310-01
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module
crypto pki trustpoint
Table 2-1 Certificate-Authority Trustpoint Submode Commands (continued)

Command
    Purpose and Guidelines
    Defaults

match certificate map_name [map | override | skip]
    Associates a certificate-based access control list (ACL) defined with the crypto pki certificate map command.
    map_name—Matches the map_name argument specified in a previously defined crypto pki certificate map map_name command.
    allow—Allows expired certificates to be accepted.
    override—Overrides fields in a certificate.
    skip—Skips a certificate validity check.

no
    Negates a command or sets its defaults.

ocsp url url
    Enters Online Certificate Status Protocol (OCSP) parameters.
    url—All certificates associated with a configured trustpoint will be checked by the OCSP server at the specified HTTP URL.

password password
    (Optional) Configures a challenge password.

primary
    Specifies the trustpoint as primary.

query certificate
    Turns on query mode per specified trustpoint, causing certificates not to be stored locally and to be retrieved from a remote server.

rsakeypair key-label
    Specifies the key pair to associate with the certificate.

regenerate
    Regenerates keys on reenrollment.

revocation-check {crl | none | ocsp}
    (Optional) Specifies how this trustpoint looks up a certificate revocation list when validating a certificate associated with this trustpoint.
    crl—Revocation check by CRL.
    none—Ignore revocation check.
    ocsp—Revocation check by OCSP.

root tftp hostname filename
    Defines the TFTP protocol to get the root certificate of a given certification authority. This command enables an authenticated root certificate to be stored as a file on the TFTP server.

serial-number [none]
    Specifies whether or not to include serial number.
    Defaults: Not included

show
    Shows this router trustpoint.

source interface interface-name
    Specifies the address of an interface to be used as the source address for all outgoing TCP connections associated with a trustpoint.
    interface-name—Interface address to be used as the source address.
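
The following is an added example, not part of the Cisco command reference: a Python check that scans configuration text for trustpoint submode commands from Table 2-1 that relax certificate validation (revocation-check none, and the allow and skip keywords of match certificate), and for revocation-check ocsp with no ocsp url configured. The sample configuration, trustpoint names, map names and URL are constructed, and the layout (submode commands indented under a crypto pki trustpoint line, with the keyword following map_name) is an assumption.

```python
import re

# Constructed sample; names and URL are made up, the indented submode layout is assumed.
SAMPLE_CONFIG = """\
crypto pki trustpoint TP-LAB
 revocation-check none
 match certificate LABMAP allow
!
crypto pki trustpoint TP-PROD
 revocation-check ocsp
 ocsp url http://ocsp.example.test/
!
crypto pki trustpoint TP-OCSP-NOURL
 revocation-check ocsp
 match certificate PRODMAP skip
!
"""

TRUSTPOINT_RE = re.compile(r"^crypto pki trustpoint\s+(\S+)\s*$")
# match certificate keywords that relax validation, per the Table 2-1 descriptions
RELAXING = {"allow": "expired certificates accepted", "skip": "validity check skipped"}

def parse_trustpoints(config):
    """Return {trustpoint_name: [submode command, ...]} from indented lines."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = TRUSTPOINT_RE.match(line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif current is not None and line[:1].isspace() and line.strip():
            current.append(" ".join(line.split()))
        else:
            current = None  # "!" or any non-indented line ends the submode
    return blocks

def audit(config):
    """Return sorted (trustpoint, finding) pairs for relaxed validation settings."""
    findings = []
    for name, cmds in parse_trustpoints(config).items():
        words = [c.split() for c in cmds]
        if ["revocation-check", "none"] in words:
            findings.append((name, "revocation check ignored"))
        for w in words:
            if w[:2] == ["match", "certificate"] and len(w) > 3 and w[3] in RELAXING:
                findings.append((name, RELAXING[w[3]]))
        has_url = any(w[:2] == ["ocsp", "url"] and len(w) > 2 for w in words)
        if ["revocation-check", "ocsp"] in words and not has_url:
            findings.append((name, "OCSP selected but no ocsp url"))
    return sorted(findings)
```

Calling audit(SAMPLE_CONFIG) returns the list of (trustpoint, finding) pairs; a trustpoint with no relaxed setting, such as TP-PROD in the sample, produces no entry.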