How To Use the All-In-One SimpleCA For a Physical Router

Document created by jclarke on Feb 11, 2014
Version 1

When you boot the 3-node topology within your all-in-one (AiO) VM, each instance automatically gets a certificate signed by our "simpleCA" scripts.  A ca.pem root certificate file is also placed in the "cisco" user's home directory.  If you have physical routers and would like them to use the same root certificate, follow these steps.


On the physical router, configure a trustpoint for the simpleCA CA:


Router(config)#crypto pki trustpoint simpleCA
Router(ca-trustpoint)#enrollment terminal pem
Router(ca-trustpoint)#revocation-check none


Next, copy the contents of ~cisco/ca.pem from the AiO VM into your copy buffer.  On the physical router, enter the following command:


Router(config)#crypto pki authenticate simpleCA
input (cut & paste) CA certificate (chain) in PEM format;
end the input with a line containing only END OF INPUT :


At this point, paste the contents of ca.pem into the terminal (remember to include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- marker lines!).


Next, on the AiO VM, change directory to ~cisco/.simpleCA, and run the following command:


cisco@onepk:~/.simpleCA$ ./ -cn HOSTNAME -ip IP_ADDR -out HOSTNAME.p12 -pass PASSWORD


Where HOSTNAME is the short hostname of your router, IP_ADDR is the router's management IP address, and PASSWORD is a password for your cert.


Next, copy the HOSTNAME.p12 file to your router's flash.  Then enter the following command on the router:


Router(config)#crypto pki import onepTP pkcs12 flash://HOSTNAME.p12 password PASSWORD


Again, PASSWORD is the password you used when you generated the certificate above.


At this point, you should be able to use your onePK applications with the same ca.pem file from the AiO VM.
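
Before copying HOSTNAME.p12 to the router, the bundle can be checked on the AiO VM against the same ca.pem that the router authenticated. This is an added example, not part of the simpleCA scripts or the original document; it assumes the openssl command-line tool is installed and that the -cn value becomes the certificate's subject CN, and check_p12 is a hypothetical helper name.

```shell
# Added example: pre-flight check of a router bundle before `crypto pki import`.
# Usage: check_p12 CA_PEM P12_FILE PASSWORD HOSTNAME
# Succeeds only if the bundle opens with PASSWORD, its certificate chains to
# CA_PEM and is within its validity period, and the subject CN is HOSTNAME
# (assumption: the value given to -cn ends up as the subject CN).
check_p12() (
    ca=$1 p12=$2 host=$4
    # Hand the password to openssl through the environment rather than argv,
    # so it does not appear in the process list.
    P12_PASS=$3; export P12_PASS
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT

    # 1. Extract only the router (leaf) certificate, never the private key.
    #    A wrong password or a damaged file fails here.
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts \
        -out "$tmp/cert.pem" 2>/dev/null \
        || { echo "FAIL: cannot open $p12 with this password" >&2; exit 1; }

    # 2. The certificate must chain to the root the router trusts.
    #    `openssl verify` also rejects expired certificates.
    openssl verify -CAfile "$ca" "$tmp/cert.pem" 2>/dev/null | grep -q ': OK$' \
        || { echo "FAIL: certificate does not verify against $ca" >&2; exit 1; }

    # 3. The subject CN must be the router's short hostname.
    openssl x509 -in "$tmp/cert.pem" -noout -subject -nameopt RFC2253 \
        | grep -Eq "CN=${host}(,|\$)" \
        || { echo "FAIL: subject CN is not $host" >&2; exit 1; }

    # Print the root's SHA-1 fingerprint so it can be compared with the one
    # the router displays when `crypto pki authenticate` asks whether to
    # accept the CA certificate.
    openssl x509 -in "$ca" -noout -fingerprint -sha1
)
```

If the function fails, the same bundle would either be rejected by the import or installed with a certificate that onePK applications using this ca.pem will not validate.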