手动从CA申请自己的证书:

泰克实验室塑造

r1(config)#crypto pki authenticate r1         R1请求CA公钥证书,把这串数复制从CA上复制下来.
Enter the base 64 encoded CA certificate.
End with a blank line or the word "quit" on a line by itself
-----BEGIN CERTIFICATE-----
MIIB8zCCAVygAwIBAgIBATANBgkqhkiG9w0BAQQFADANMQswCQYDVQQDEwJyMjAe
Fw0xMDAxMjMxODM4NTVaFw0xMzAxMjIxODM4NTVaMA0xCzAJBgNVBAMTAnIyMIGf
MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD1tSsbvhEyRbig4kocFaZsOI4rHibU
ssE7YJK8Ilt+pJUAShH30sHfTzncBY/nTWLDCmRBUZhvk4YnfklEvOXN0wmLLmbJ
vadgGF186zWX7LUuZ1K2bGof67wF15XU9bZLE2BmmaO7+sBoiQ8Edo3H93Wt2LwK
x09gUJGHVkZOkwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE
AwIBhjAfBgNVHSMEGDAWgBQhrvwJFzOBNdTaTznIIZ4MILjQtzAdBgNVHQ4EFgQU
Ia78CRczgTXU2k85yCGeDCC40LcwDQYJKoZIhvcNAQEEBQADgYEAefx22XTBQAU7
bhIJ9U2yVu/rAo2Geroxx8LgHRI2UkuVBwH0G/CV+hJOAy4geweFNB5WKNlBOvrn
KB/n4+wkxOd475cZhPsLfAKuFp8zUxeaTO7cvkTQMCpBqCLLjfV3QVk7jOQzw5//
E4AoSgmAGcjulQz+42sXfjrypfT3DII=
-----END CERTIFICATE-----
quit
Certificate has the following attributes:
       Fingerprint MD5: 2FCC9572 9AA0B064 1AE4CBF4 459F8D2D
      Fingerprint SHA1: 4CD67502 87310869 1716BFA7 AB96CE22 EFD721D8
% Do you accept this certificate? [yes/no]:  
yes
Trustpoint CA certificate accepted.
% Certificate successfully imported


r1(config)#crypto pki enroll r1  ------------------------------请求自己的签名证书,把这个请求发到CA上去.这个请求是R1产生的
% Start certificate enrollment ..
% The subject name in the certificate will include: r1.cisco.com
% Include the router serial number in the subject name? [yes/no]: no
% Include an IP address in the subject name? [no]: yes
Enter Interface name or IP Address[]: 10.1.1.1
Display Certificate Request to terminal? [yes/no]: yes
Certificate Request follows:
MIIBlDCB/gIBADA0MTIwFQYJKoZIhvcNAQkIEwgxMC4xLjEuMTAZBgkqhkiG9w0B
CQIWDHIxLmNpc2NvLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5lXM
WYEyMBAotQMsqc2e7PFDs3vXS759aB/uyB6p+6BL/dBazCRQpeQpB7CgCQ1OS/kq
2N51waD5Jx4+t7EheCJ54pUy4Ydg4z7c/TvHMzlVsKTA9xSy3YUahaTH50CfO0x/
Vvo7CCvIdyaOBa4FR64n85yTSEDA3+iV4MUR48MCAwEAAaAhMB8GCSqGSIb3DQEJ
DjESMBAwDgYDVR0PAQH/BAQDAgWgMA0GCSqGSIb3DQEBBAUAA4GBAEaQgXUZgCYo
lBHiewFJIEJM2WLVKU5n/S6k7aJ7Umn5mqEFHBQbpjYHpxFmA51o49OBlG2vNp2t
UTnoLqNfC24FszrL5COdbIUQkpZ7vBYGdzRNJpxX1KjSXF5Gs+PiKzT2gi/0y+DP
BJJ+LE46hWt+n9AN3Rl74BR4jfNeHRwr
---End - This line not part of the certificate request---
Redisplay enrollment request? [yes/no]: no


r1(config)#crypto pki import r1 certificate  -------------------------------将从CA下发的自己的证书复制到自己本地
% The IP address in the certificate is 10.1.1.1
Enter the base 64 encoded certificate.
End with a blank line or the word "quit" on a line by itself
MIICCTCCAXKgAwIBAgIBBzANBgkqhkiG9w0BAQQFADANMQswCQYDVQQDEwJyMjAe
Fw0xMDAxMjMxOTU3NTBaFw0xMTAxMjMxOTU3NTBaMDQxMjAVBgkqhkiG9w0BCQgT
CDEwLjEuMS4xMBkGCSqGSIb3DQEJAhYMcjEuY2lzY28uY29tMIGfMA0GCSqGSIb3
DQEBAQUAA4GNADCBiQKBgQDmVcxZgTIwECi1AyypzZ7s8UOze9dLvn1oH+7IHqn7
oEv90FrMJFCl5CkHsKAJDU5L+SrY3nXBoPknHj63sSF4InnilTLhh2DjPtz9O8cz
OVWwpMD3FLLdhRqFpMfnQJ87TH9W+jsIK8h3Jo4FrgVHrifznJNIQMDf6JXgxRHj
wwIDAQABo1IwUDAOBgNVHQ8BAf8EBAMCBaAwHwYDVR0jBBgwFoAUIa78CRczgTXU
2k85yCGeDCC40LcwHQYDVR0OBBYEFOxYL8RB6mj/sMPXr78voyUx4e+tMA0GCSqG
SIb3DQEBBAUAA4GBAAIdHlld4ub0VziiR8cfmEOwOMaho7FEbTP3wQEENHG8pb4k
5+jh5NQ/TNt73YbI45nBJbVRAX/Qcp791t13oo4GKcQQzmVWypcoAxK+rNxw8C9r
W3YVKxF3GIbjlSYkLlUwv9ff8PX/tBZPMzk+RU/pLvMWhYq29AH4xeMOYyuN
quit
% Router Certificate successfully imported