Enhanced Certificate Management Through GUI

The Public Key Infrastructure (PKI) Management page now displays the following tabs:

Trustpoints tab: Used to add, create or enroll a new trustpoint. This also displays the current Trustpoints configured on the controller and other details of the trustpoint. You can also see if the trustpoint is in use for any of the features.

CA Server tab: Used to enable or disable the Certificate Authority (CA) server functionality on the controller. The CA server functionality should be enabled for the controller to generate a Self-Signed Certificate (SSC).

Key Pair Generation tab: Used to generate key pairs.

Certificate Management tab: Used to generate and manage certificates, and perform all certificate related operations, on the controller.

Cisco IOS XE Amsterdam 17.3.1

Enhanced Certificate Management Through GUI

New tab Trustpool

Cisco IOS XE Bengaluru 17.5.1

Intermediate CA support for AP authentication

The following commands have been introduced to import the complete certificate chain to the Trustpool in case the LSC certificate has been obtained from an intermediary CA. This is applicable for all other multi- tier certificates as well.

crypto pki trustpool import

Cisco IOS XE Bengaluru 17.5.1

Support for both MIC and LSC APs to join the same C9800

The following commands have been introduced to configure AP authorization policy.

• ap auth-list ap-cert-policy allow-mic-ap

• ap auth-list ap-cert-policy allow-mic-ap trustpoint <trustpoint-name>

• ap auth-list ap-cert-policy{mac-address AP-EthenetMAC-address | serial number AP serial-number}policy-type mic

• show ap auth-list ap-cert-policy

Cisco IOS XE Bengaluru 17.5.1