Cisco IOS certificate storage

The way IOS stores certificates depends on the enrolment method.

Certificates enrolled via the command line or SCEP are stored in the configuration:

R1#show run | begin crypto pki certificates
crypto pki certificate chain ORCA1-CA
 certificate ca 37A15821A55DD2864B62A67B6EFD5429
  3082038A 30820272 A0030201 02021037 A15821A5 5DD2864B 62A67B6E FD542930

Certificates installed via SDM are stored in NVRAM:

R2#dir nvram:
Directory of nvram:/

   45  -rw-        1629                    startup-config
   46  ----        7636                    private-config
    1  -rw-           4                    rf_cold_starts
    2  -rw-           0                    ifIndex-table
    3  -rw-         910                    ORCA1-CA#5429CA.cer
    4  -rw-         571                    IOS-CA-R2OUK#7401CA.cer

When the built-in IOS CA server is enabled, the CA cert is stored in NVRAM.
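
The hex block in the R1 output is the certificate's DER encoding, so a saved configuration can be audited offline. The following is an added example, not part of the original post (function names and the "id" kind label are illustrative): it reads the one hex line shown above, recovers the encoded size, X.509 version and serial number from the DER header, and checks the serial against the "certificate ca" label.

```python
import re
# First hex line exactly as shown on the page for R1; the page truncates the rest.
SHOW_RUN = """\
crypto pki certificate chain ORCA1-CA
 certificate ca 37A15821A55DD2864B62A67B6EFD5429
  3082038A 30820272 A0030201 02021037 A15821A5 5DD2864B 62A67B6E FD542930
"""

def read_tlv(buf, pos):  # returns (tag, length, value_offset) of the DER TLV at pos
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                       # short-form length
        return tag, first, pos + 2
    n = first & 0x7F                       # long form: n length bytes follow
    return tag, int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n

def parse_cert_header(der):
    """Walk Certificate -> tbsCertificate -> [0] version -> serialNumber."""
    tag, outer_len, body = read_tlv(der, 0)
    tbs_tag, _, pos = read_tlv(der, body)
    if (tag, tbs_tag) != (0x30, 0x30):
        raise ValueError("not a DER-encoded X.509 certificate")
    tag, length, val = read_tlv(der, pos)
    version = 1                            # [0] absent means X.509 v1
    if tag == 0xA0:                        # [0] EXPLICIT { INTEGER version }
        version = der[val + length - 1] + 1
        tag, length, val = read_tlv(der, val + length)
    if tag != 0x02 or val + length > len(der):
        raise ValueError("serialNumber missing or truncated")
    return body + outer_len, version, int.from_bytes(der[val:val + length], "big")

def audit_config(text):
    """Return one dict per 'certificate' entry in show-run text (names are illustrative)."""
    entries, trustpoint, cur = [], None, None
    for line in text.splitlines():
        tok = line.split()
        if line.startswith("crypto pki certificate chain"):
            trustpoint = tok[-1]
        elif len(tok) > 1 and tok[0] == "certificate":
            kind, label = (tok[1], tok[2]) if tok[1] in ("ca", "self-signed") else ("id", tok[1])
            entries.append(cur := {"trustpoint": trustpoint, "kind": kind, "label": label, "hex": ""})
        elif cur and re.fullmatch(r"\s+[0-9A-Fa-f ]+", line):
            cur["hex"] += "".join(tok)
        else:
            cur = None                     # any other line ends the hex block
    for e in entries:
        raw = bytes.fromhex(e.pop("hex"))
        if raw:                            # entries without inline hex are left unparsed
            e["der_size"], e["version"], e["serial"] = parse_cert_header(raw)
            e["label_matches_der"] = int(e["label"], 16) == e["serial"]
    return entries
```

For the sample above the header declares a 910-byte certificate, the same size as ORCA1-CA#5429CA.cer in the R2 listing.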
