Additional References for Trustpoint Configuration on Catalyst 9800

To get a detailed understanding of a particular area of trustpoint configuration, refer to the following documents:

| Related Topic | Document Title |
|---|---|
| To understand the PKI implementation | Public Key Infrastructure Configuration Guide, Cisco IOS XE Release 3S |
| To configure SCEP for LSC and use that for AP Join on Catalyst 9800 controllers | Configure SCEP for Locally Significant Certificate Provisioning on 9800 WLC |
| To understand CSR generation and third-party certificates for Catalyst 9800 controllers | Generate CSR for Third-Party Certificates and Download Chained Certificates to Catalyst 9800 Wireless Controllers |
| To understand how to generate a self-signed certificate using the Day 0 wizard on the Catalyst 9800-CL virtual controller | Cisco Catalyst C9800-CL Wireless Controller Virtual Deployment Guide |
| To understand trustpoint configuration for local EAP authentication on Catalyst 9800 controllers | Local EAP authentication on Catalyst 9800 WLC configuration example |
| To understand trustpoint-related best practices for Catalyst 9800 controllers | Cisco Catalyst 9800 Series Configuration Best Practices |

Examples of certificates available on Catalyst 9800

Here are a few examples of certificates available on the controller.

Manufacturing Installed Certificate

The following certificates are hardcoded in the physical appliance and used for AP Join by default.

Trustpoint CISCO_IDEVID_SUDI_LEGACY:
Subject Name:
cn=Cisco Manufacturing CA
o=Cisco Systems
Serial Number (hex): 6A6967B3000000000003
Certificate configured.

Trustpoint CISCO_IDEVID_SUDI_LEGACY0:
Subject Name:
cn=Cisco Root CA 2048
o=Cisco Systems
Serial Number (hex): 5FF87B282B54DC8D42A315B568C9ADFF
Certificate configured.

Trustpoint CISCO_IDEVID_SUDI:
Subject Name:
cn=Cisco Manufacturing CA SHA2
o=Cisco
Serial Number (hex): 02
Certificate configured.

Trustpoint CISCO_IDEVID_SUDI0:
Subject Name:
cn=Cisco Root CA M2
o=Cisco
Serial Number (hex): 01
Certificate configured.

Self-signed certificate available at startup or generated after factory reset

The following certificates can be used for webadmin, webauth or any other service by default, in the absence of a third-party certificate.

Trustpoint TP-self-signed-908292385:
Subject Name:
cn=IOS-Self-Signed-Certificate-908292385
Serial Number (hex): 01
Persistent self-signed certificate trust point
Using key label TP-self-signed-908292385

Trustpoint SLA-TrustPoint:
Subject Name:
cn=Cisco Licensing Root CA
o=Cisco
Serial Number (hex): 01
Certificate configured.
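
For a certificate inventory, the trustpoint blocks shown above can be parsed and grouped by type. The following is an added example, not part of the original Cisco document; the function names and the classification rules (trustpoint names beginning with CISCO_IDEVID_SUDI are manufacturing-installed, the "Persistent self-signed" line marks a self-signed trustpoint) are assumptions drawn from the sample output on this page.

```python
import re

# Constructed sample: two trustpoint blocks copied from the output shown above.
SAMPLE = """\
Trustpoint CISCO_IDEVID_SUDI:
Subject Name:
cn=Cisco Manufacturing CA SHA2
o=Cisco
Serial Number (hex): 02
Certificate configured.
Trustpoint TP-self-signed-908292385:
Subject Name:
cn=IOS-Self-Signed-Certificate-908292385
Serial Number (hex): 01
Persistent self-signed certificate trust point
Using key label TP-self-signed-908292385
"""

def parse_trustpoints(text):
    """Return one dict per 'Trustpoint <name>:' block, in order of appearance."""
    trustpoints, current = [], None
    for raw in text.splitlines():
        line = raw.strip()  # tolerate the indentation real device output carries
        header = re.match(r"Trustpoint (\S+):$", line)
        if header:
            current = {"name": header.group(1), "subject": [], "serial": None, "self_signed": False}
            trustpoints.append(current)
        elif current is None or not line:
            continue  # text before the first block, or a blank separator
        elif re.match(r"(cn|o|ou|c)=", line, re.I):
            current["subject"].append(line)
        elif line.startswith("Serial Number (hex):"):
            current["serial"] = line.split(":", 1)[1].strip()
        elif "self-signed certificate trust point" in line:
            current["self_signed"] = True
    return trustpoints

def classify(tp):
    """Assumed labels: SUDI name prefix = manufacturing-installed; marker line = self-signed."""
    if tp["name"].startswith("CISCO_IDEVID_SUDI"):
        return "manufacturing-installed"
    return "self-signed" if tp["self_signed"] else "other"

def audit(text):
    return {tp["name"]: classify(tp) for tp in parse_trustpoints(text)}

if __name__ == "__main__":
    for name, kind in audit(SAMPLE).items():
        print(f"{name:32} {kind}")
```

A trustpoint that matches neither rule, such as SLA-TrustPoint above, is reported as "other" so it can be reviewed by hand.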