Cisco IOS Software Release 12.3(1) Technical Manual

Backup and Restore an IOS CA Server Configuration Example
Document ID: 82153
Contents
Introduction
 Prerequisites
      Requirements
      Components Used
      Conventions
 Configure
      Backup the IOS CA Server
      Restore the IOS CA Server
 Verify
 Troubleshoot
 Related Information
Introduction
This document describes how to back up and restore an IOS® Certificate Authority (CA) server for Cisco IOS
software.
Refer to Configure and Enroll a Cisco VPN 3000 Concentrator to a Cisco IOS Router as a CA Server in order
to learn more about how to configure a Cisco IOS router as a CA server.
Prerequisites
Requirements
Plan Your PKI Before You Configure the Certificate Server
Before you configure a Cisco IOS certificate server, it is important that you have planned for and chosen
appropriate values for the settings you intend to use within your PKI (such as certificate lifetimes and
certificate revocation list (CRL) lifetimes). After the settings are configured in the certificate server and
certificates are granted, settings cannot be changed without reconfiguring the certificate server and
re-enrolling the peers. For information on certificate server default settings and recommended settings, refer
to Certificate Server Default Values and Recommended Values.
Enable the HTTP Server
The certificate server supports Simple Certificate Enrollment Protocol (SCEP) over HTTP. The HTTP server
must be enabled on the router for the certificate server to use SCEP. (In order to enable the HTTP server, use
the ip http server command.) The certificate server automatically enables or disables SCEP services after the
HTTP server is enabled or disabled. If the HTTP server is not enabled, only manual PKCS10 enrollment is
supported.
Reliable Time Services
Time services must be running on the router because the certificate server must have reliable time knowledge.