DNS(config)#crypto pki export PKI_SERVER pem terminal
% The specified trustpoint is not enrolled (PKI_SERVER).
% Only export the CA certificate in PEM format.
% CA certificate:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
crypto key generate rsa label PKI modulus 1024
The name for the keys will be: PKI
% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 2 seconds)
crypto pki trustpoint PKI_TP
enrollment terminal
fqdn vpn7.test.com
subject-name cn=vpn7.test.com
revocation-check none
rsakeypair PKI
R7(config)#crypto pki authenticate PKI_TP
Enter the base 64 encoded CA certificate.
End with a blank line or the word "quit" on a line by itself
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
quit
Certificate has the following attributes:
Fingerprint MD5: 3A933F8E 7660BA79 A32E36D5 C04134CD
Fingerprint SHA1: 318DA1D7 532825A6 55E4A9EB 8545BB67 1F0CE5A5
% Do you accept this certificate? [yes/no]: yes
Trustpoint CA certificate accepted.
% Certificate successfully imported
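Added example (not part of the original transcript): before answering yes at the "Do you accept this certificate?" prompt, the fingerprint IOS displays can be compared with one computed independently from the CA's PEM export. The function names and the sample bytes below are constructed for illustration; the sample is not a real certificate.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_to_der(pem: str) -> bytes:
    """Return the DER bytes inside the first PEM CERTIFICATE block."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def ios_fingerprint(der: bytes, algo: str = "sha1") -> str:
    """Hash the DER encoding; format as IOS prints it (groups of 8 hex digits)."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return " ".join(digest[i:i + 8] for i in range(0, len(digest), 8))

def normalize(fp: str) -> str:
    """Drop spaces and colons, uppercase, and reject anything that is not hex."""
    cleaned = re.sub(r"[\s:]", "", fp).upper()
    if not re.fullmatch(r"[0-9A-F]+", cleaned):
        raise ValueError("fingerprint contains non-hex characters")
    return cleaned

def fingerprint_matches(pem: str, shown: str, algo: str = "sha1") -> bool:
    """True only if the router-displayed fingerprint equals the computed one."""
    computed = normalize(ios_fingerprint(pem_to_der(pem), algo))
    return hmac.compare_digest(computed, normalize(shown))

# Constructed sample: arbitrary bytes wrapped as PEM, NOT a real certificate.
CONSTRUCTED_DER = b"constructed sample bytes, not a real certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(CONSTRUCTED_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print("SHA1:", ios_fingerprint(pem_to_der(SAMPLE_PEM)))
    # The fingerprint from the transcript above belongs to a different
    # certificate, so the comparison against the sample must fail.
    shown = "318DA1D7 532825A6 55E4A9EB 8545BB67 1F0CE5A5"
    print("match:", fingerprint_matches(SAMPLE_PEM, shown))
```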
R7(config)#crypto pki enroll PKI_TP
% Start certificate enrollment ..
% The subject name in the certificate will include: cn=vpn7.test.com
% The subject name in the certificate will include: vpn7.test.com
% Include the router serial number in the subject name? [yes/no]: no
% Include an IP address in the subject name? [no]: no
% Please answer 'yes' or 'no'.
% Include an IP address in the subject name? [no]: no
Display Certificate Request to terminal? [yes/no]: yes
Certificate Request follows:
---End - This line not part of the certificate request---
DNS#crypto pki server PKI_SERVER request pkcs10 terminal base64
PKCS10 request in base64 or pem
% Enter Base64 encoded or PEM formatted PKCS10 enrollment request.
% End with a blank line or "quit" on a line by itself.
quit
% Granted certificate:
Redisplay enrollment request? [yes/no]: no
R7(config)#crypto pki import PKI_TP certificate
Enter the base 64 encoded certificate.
End with a blank line or the word "quit" on a line by itself
quit
% Router Certificate successfully imported
username cisco secret cisco123
webvpn gateway SSLVPN_GATEWAY
hostname SSLVPN_GATEWAY
ip interface GigabitEthernet0/0 port 8443
http-redirect port 80
ssl trustpoint PKI_TP
inservice
!
webvpn context SSLVPN_CONTEXT
aaa authentication list SSLVPN
gateway SSLVPN_GATEWAY
user-profile location flash:vpn-profile
!
ssl authenticate verify all
!
inservice
!
policy group SSLVPN_CONTEXT_POLICY
default-group-policy SSLVPN_CONTEXT_POLICY
Open a web browser and navigate to https://vpn7.test.com. Authenticate with the username and password configured.
Once authenticated, the session output shows that the connection was successful.
Username : cisco Num Connection : 2
Public IP : 101.0.0.101 VRF Name : None
Context : SSLVPN_CONTEXT Policy Group : SSLVPN_CONTEXT_POLIC
Last-Used : 00:00:15 Created : *02:47:57.281 UTC Wed Jan 13 2021
Session Timeout : 3600 Idle Timeout : 7200
Citrix : Disabled Citrix Filter : None
Url List : R38_HTTP
Client Ports : 49737 49738