When you boot up the 3node topology within your all-in-one (AiO) VM, each instance will automatically get a CA-signed certificate issued by our "simpleCA" scripts. There will also be a ca.pem root certificate file within the "cisco" user's home directory. If you have physical routers and you'd like to use the same root certificate, follow these steps.
On the physical router, configure a trustpoint for the simpleCA CA:
Router(config)#crypto pki trustpoint simpleCA
Router(ca-trustpoint)#enrollment terminal pem
Router(ca-trustpoint)#revocation-check none
Router(ca-trustpoint)#exit
Next, copy the contents of ~cisco/ca.pem from the AiO VM into your copy buffer. On the physical router, enter the following command:
Router(config)#crypto pki authenticate simpleCA
input (cut & paste) CA certificate (chain) in PEM format;
end the input with a line containing only END OF INPUT :
At this point, paste the contents of ca.pem into the terminal (remember to include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- marker lines!).
Next, on the AiO VM, change directory to ~cisco/.simpleCA, and run the following command:
cisco@onepk:~/.simpleCA$ ./createNEp12.sh -cn HOSTNAME -ip IP_ADDR -out HOSTNAME.p12 -pass PASSWORD
Here, HOSTNAME is the short hostname of your router, IP_ADDR is the router's management IP address, and PASSWORD is the password that protects the generated .p12 certificate file.
Next, copy the HOSTNAME.p12 file to your router's flash. Then enter the following command on the router:
Router(config)#crypto pki import onepTP pkcs12 flash://HOSTNAME.p12 password PASSWORD
Again, PASSWORD is the password you used when you generated the certificate above.
At this point, you should be able to use your onePK applications with the same ca.pem file from the AiO VM.
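A pre-paste check for the ca.pem step above, as an added example (not part of the original instructions or the simpleCA scripts): it confirms that the text in your copy buffer is a complete PEM certificate and returns its SHA-1 and SHA-256 fingerprints, which you can compare with the fingerprint the router reports when it authenticates the CA certificate (assuming your IOS release displays one). The function names and the sample bytes are constructed for illustration; the sample is a placeholder, not a real certificate.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)

# Constructed placeholder bytes with a valid DER SEQUENCE header (0x30, long-form
# length 0x90 = 144). This is NOT a real certificate; use your own ca.pem instead.
SAMPLE_DER = b"\x30\x81\x90" + bytes(range(144))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")


def der_total_length(der):
    """Length the outer DER SEQUENCE header says the whole object should have."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("body does not start with a DER SEQUENCE")
    if der[1] < 0x80:                      # short form: one length byte
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length bytes follow
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def check_ca_paste(pem_text):
    """Validate a paste buffer; return SHA-1/SHA-256 fingerprints per certificate.

    Raises ValueError for missing or shortened BEGIN/END lines, corrupt base64,
    or a body whose size disagrees with its DER header (lines lost in the paste).
    """
    bodies = PEM_RE.findall(pem_text)
    if not bodies:
        raise ValueError("no complete BEGIN/END CERTIFICATE block found")
    fingerprints = []
    for body in bodies:
        der = base64.b64decode("".join(body.split()), validate=True)
        if der_total_length(der) != len(der):
            raise ValueError("certificate body is truncated or padded")
        fingerprints.append({
            "sha1": hashlib.sha1(der).hexdigest().upper(),
            "sha256": hashlib.sha256(der).hexdigest().upper(),
        })
    return fingerprints


if __name__ == "__main__":
    for fp in check_ca_paste(SAMPLE_PEM):
        print("SHA1  ", fp["sha1"])
        print("SHA256", fp["sha256"])
```

To check the real file, pass the contents of ~cisco/ca.pem to check_ca_paste() in place of SAMPLE_PEM.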