Configuring a Trustpoint Certificate Authority
For more information, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide:
Configuring Trustpoint Enrollment
POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
  "pkiEp": {
    "children": [
      {
        "pkiTP": {
          "attributes": {
            "enrollmentType": "terminal",
            "name": "TP1"
          }
        }
      }
    ]
  }
}
{
    imdata:[]
}
<System>
  <userext-items>
    <pkiext-items>
      <tp-items>
        <TP-list>
          <name>TP1</name>
          <enrollmentType>terminal</enrollmentType>
        </TP-list>
      </tp-items>
    </pkiext-items>
  </userext-items>
</System>
Note: This example was added in Release 9.3(5).
CLI Commands
The CLI commands are equivalent to the payload examples above. The JSON payload is the DME form and the XML payload is the YANG form.
crypto ca trustpoint TP1
enrollment terminal
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
MO | DN |
---|---|
pkiEp | sys/userext/pkiext |
pkiTP | sys/userext/pkiext/tp-[TP1] |
pkiTP Properties
The following table contains information about the pkiTP properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
Property Name | Data Type | Description | Values |
---|---|---|---|
enrollmentType | pki:CertEnrollType scalar:Enum8 | NO COMMENTS | SELECTION: |
name | pol:ObjName string:Basic | The name of the certificate authority (CA or trustpoint). | RANGE: Min: "1" Max: "64" |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting Trustpoint Enrollment
POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
  "pkiEp": {
    "children": [
      {
        "pkiTP": {
          "attributes": {
            "enrollmentType": "none",
            "name": "TP1"
          }
        }
      }
    ]
  }
}
{
    imdata:[]
}
<System>
  <userext-items>
    <pkiext-items>
      <tp-items>
        <TP-list>
          <name>TP1</name>
          <enrollmentType>none</enrollmentType>
        </TP-list>
      </tp-items>
    </pkiext-items>
  </userext-items>
</System>
Note: This example was added in Release 9.3(5).
CLI Commands
The CLI commands are equivalent to the payload examples above. The JSON payload is the DME form and the XML payload is the YANG form.
crypto ca trustpoint TP1
no enrollment terminal
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
MO | DN |
---|---|
pkiEp | sys/userext/pkiext |
pkiTP | sys/userext/pkiext/tp-[TP1] |
pkiTP Properties
The following table contains information about the pkiTP properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
Property Name | Data Type | Description | Values |
---|---|---|---|
enrollmentType | pki:CertEnrollType scalar:Enum8 | NO COMMENTS | SELECTION: |
name | pol:ObjName string:Basic | The name of the certificate authority (CA or trustpoint). | RANGE: Min: "1" Max: "64" |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Configuring Trustpoint RSA Key-Pair Details
POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
  "pkiEp": {
    "children": [
      {
        "pkiTP": {
          "attributes": {
            "keyLabel": "SampleString_123",
            "name": "TP1"
          }
        }
      }
    ]
  }
}
{
    imdata:[]
}
<System>
  <userext-items>
    <pkiext-items>
      <tp-items>
        <TP-list>
          <name>TP1</name>
          <keyLabel>SampleString_123</keyLabel>
        </TP-list>
      </tp-items>
    </pkiext-items>
  </userext-items>
</System>
Note: This example was added in Release 9.3(5).
CLI Commands
The CLI commands are equivalent to the payload examples above. The JSON payload is the DME form and the XML payload is the YANG form.
crypto ca trustpoint TP1
rsakeypair SampleString_123 2018
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
MO | DN |
---|---|
pkiEp | sys/userext/pkiext |
pkiTP | sys/userext/pkiext/tp-[TP1] |
pkiTP Properties
The following table contains information about the pkiTP properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
Property Name | Data Type | Description | Values |
---|---|---|---|
keyLabel | pki:KeyLabel string:CharBuffer | NO COMMENTS | RANGE: Min: "0" Max: "64" |
name | pol:ObjName string:Basic | The name of the certificate authority (CA or trustpoint). | RANGE: Min: "1" Max: "64" |
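The payload, DN and property ranges from the enrollment and key-pair sections can be checked before posting and compared against the GET reply afterwards. The following Python sketch is an added example, not Cisco code: the function names, the HTTPS default, the 192.0.2.10 address, the reading of the Min/Max ranges as string lengths, and the shape of the sample GET reply are all assumptions.

```python
import json

PKI_EP_DN = "sys/userext/pkiext"           # pkiEp DN from the verification table
ENROLLMENT_TYPES = {"terminal", "none"}    # only the two values shown on this page

def build_tp_payload(name, enrollment_type=None, key_label=None):
    """Return the pkiEp/pkiTP JSON body, enforcing the documented ranges."""
    if not 1 <= len(name) <= 64:           # assumption: range means string length
        raise ValueError("name must be 1-64 characters")
    attrs = {"name": name}
    if enrollment_type is not None:
        if enrollment_type not in ENROLLMENT_TYPES:
            raise ValueError(f"unsupported enrollmentType: {enrollment_type!r}")
        attrs["enrollmentType"] = enrollment_type
    if key_label is not None:
        if len(key_label) > 64:
            raise ValueError("keyLabel must be 0-64 characters")
        attrs["keyLabel"] = key_label
    return {"pkiEp": {"children": [{"pkiTP": {"attributes": attrs}}]}}

def tp_dn(name):
    """DN of one trustpoint, e.g. sys/userext/pkiext/tp-[TP1]."""
    return f"{PKI_EP_DN}/tp-[{name}]"

def verify_url(mgmt_ip, name, scheme="https"):
    """URL for the GET that verifies the posted trustpoint (scheme is an assumption)."""
    return f"{scheme}://{mgmt_ip}/api/mo/{tp_dn(name)}.json"

def drift(payload, get_response):
    """Compare posted attributes with a GET reply; return {attr: (wanted, found)}."""
    wanted = payload["pkiEp"]["children"][0]["pkiTP"]["attributes"]
    found = {}
    for item in get_response.get("imdata", []):
        attrs = item.get("pkiTP", {}).get("attributes", {})
        if attrs.get("name") == wanted["name"]:
            found = attrs
    return {k: (v, found.get(k)) for k, v in wanted.items() if found.get(k) != v}

# Constructed sample GET reply (not captured from a device; shape is assumed).
SAMPLE_GET = json.loads("""{"totalCount": "1", "imdata": [{"pkiTP": {"attributes":
  {"name": "TP1", "enrollmentType": "terminal", "keyLabel": ""}}}]}""")

if __name__ == "__main__":
    body = build_tp_payload("TP1", "terminal", "SampleString_123")
    print(verify_url("192.0.2.10", "TP1"))
    print(drift(body, SAMPLE_GET))         # keyLabel was not applied in the sample
```

An empty result from `drift` means every posted attribute is present on the returned pkiTP object; any entry names an attribute that did not take effect.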
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide:
Deleting Trustpoint RSA Key-Pair Details
POST http://<mgmt0_IP>/api/mo/sys/userext/pkiext.json
{
  "pkiEp": {
    "children": [
      {
        "pkiTP": {
          "attributes": {
            "name": "TP1"
          }
        }
      }
    ]
  }
}
{
    imdata:[]
}
<System>
  <userext-items>
    <pkiext-items>
      <tp-items>
        <TP-list>
          <name>TP1</name>
        </TP-list>
      </tp-items>
    </pkiext-items>
  </userext-items>
</System>
Note: This example was added in Release 9.3(5).
CLI Commands
The CLI commands are equivalent to the payload examples above. The JSON payload is the DME form and the XML payload is the YANG form.
crypto ca trustpoint TP1
no rsakeypair SampleString_123 2018
Verifying a DME Configuration
The following table contains the distinguished name (DN) for each managed object (MO) in the DME payload. Issue a GET request using the DN to verify the configuration was posted or to get information about the configured properties of a particular object.
MO | DN |
---|---|
pkiEp | sys/userext/pkiext |
pkiTP | sys/userext/pkiext/tp-[TP1] |
pkiTP Properties
The following table contains information about the pkiTP properties in the DME payload. For more information about the properties and MOs, see the NX-API DME Model Reference linked in the Related Documentation section below.
Property Name | Data Type | Description | Values |
---|---|---|---|
name | pol:ObjName string:Basic | The name of the certificate authority (CA or trustpoint). | RANGE: Min: "1" Max: "64" |
Related Documentation
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference:
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload:
https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide: