The way IOS stores certificates depends on enrolment method.
Certificates enrolled via command line or SCEP are stored in config:
R1#show run | begin crypto pki certificates
crypto pki certificate chain ORCA1-CA
certificate ca 37A15821A55DD2864B62A67B6EFD5429
3082038A 30820272 A0030201 02021037 A15821A5 5DD2864B 62A67B6E FD542930
Certificates installed via SDM are stored in NVRAM:
R2#dir nvram:
Directory of nvram:/
45 -rw- 1629
46 ---- 7636
1 -rw- 4
2 -rw- 0
3 -rw- 910
4 -rw- 571
When the built-in IOS CA server is enabled, the CA cert is stored in NVRAM.
Comments
Post a Comment