Installing a Certificate Authority Proxy Function Certificate for LSC Validation in Cisco IOS VPN Router

Cisco IOS VPN Router Trustpoint Enrollment Method


Question

Which enrollment method does a Cisco IOS VPN router trustpoint use to install a Certificate Authority Proxy Function certificate for LSC validation of a Cisco IP phone client?

Answers

Explanations


A. B. C. D. E.

C.


Router(config)#crypto pki trustpoint CAPF
 enrollment terminal
 authorization username subjectname commonname
 revocation-check none
Router(config)#crypto pki authenticate CAPF
Router(config)#

Things to Note:
-> The enrollment method is terminal because the certificate has to be manually installed on the Router.

References: http://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/authentication-authorization-accounting-aaa/116313-configure-anyconnect-00.html.

A Cisco IOS VPN router can use a trustpoint to install a Certificate Authority Proxy Function (CAPF) certificate for LSC validation of a Cisco IP phone client. The CAPF certificate is used to secure the communication between the phone and the Cisco Unified Communications Manager (CUCM). The trustpoint is used to establish trust between the VPN router and the CAPF.

The enrollment method used to install the CAPF certificate depends on the trustpoint configuration. There are several enrollment methods available, including HTTP proxy server, certificate authority server URL, terminal, self-signed, and registration authority.

HTTP proxy server: This method uses an HTTP proxy server to communicate with the CAPF server and request the CAPF certificate.

Certificate authority server URL: This method uses a certificate authority server URL to download the CAPF certificate.

Terminal: This method allows the administrator to manually copy and paste the CAPF certificate into the trustpoint configuration using a terminal session.

Self-signed: This method generates a self-signed CAPF certificate on the VPN router itself. This method is useful for testing and lab environments, but it is not recommended for production environments.

Registration authority: This method uses a registration authority to request and install the CAPF certificate. The registration authority acts as an intermediary between the VPN router and the CAPF server.

In conclusion, the enrollment method used by a Cisco IOS VPN router trustpoint to install a CAPF certificate for LSC validation of a Cisco IP phone client can be any of the above methods depending on the configuration.
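Because terminal enrollment means an administrator pastes the CAPF certificate by hand, the fingerprint of the exported PEM should be compared with the one the router displays before the certificate is accepted. The following is an added example, not part of the original page or of Cisco's documentation; the function names and sample input are hypothetical, and it assumes the router shows MD5 and SHA1 fingerprints as groups of eight hex digits.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed stand-in: the body decodes to the bytes b"abc", not a real
# certificate. A fingerprint is simply a hash over the DER bytes in the PEM.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\r\n  YWJj  \r\n-----END CERTIFICATE-----\r\n"

def pem_to_der(pem_text):
    """Return the DER bytes of every certificate block in pasted PEM text."""
    blocks = PEM_RE.findall(pem_text)
    if not blocks:
        raise ValueError("no PEM certificate block found")
    # Terminal pastes pick up stray spaces and CRLFs; drop all whitespace
    # and reject anything that is not strict base64.
    return [base64.b64decode("".join(b.split()), validate=True) for b in blocks]

def ios_style(hexdigest):
    """Format a hex digest as upper-case groups of eight digits."""
    h = hexdigest.upper()
    return " ".join(h[i:i + 8] for i in range(0, len(h), 8))

def fingerprints(der):
    """MD5 and SHA1 fingerprints of one DER-encoded certificate."""
    return {"MD5": ios_style(hashlib.md5(der).hexdigest()),
            "SHA1": ios_style(hashlib.sha1(der).hexdigest())}

def same_fingerprint(local, shown_on_router):
    """Compare two fingerprints, ignoring case, spaces and colons.

    Pass only the hex digits shown by the router, not the label text.
    """
    def norm(s):
        return re.sub(r"[^0-9A-Fa-f]", "", s).upper()
    return bool(norm(local)) and norm(local) == norm(shown_on_router)

if __name__ == "__main__":
    for der in pem_to_der(SAMPLE_PEM):
        for name, value in fingerprints(der).items():
            print(f"Fingerprint {name}: {value}")
```

Run it against the PEM file exported from the CAPF server and accept the certificate on the router only if the displayed fingerprint matches.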