
Custom PKI Trust-Profile

Evelyn Riha
Level 1

Hi,

Is there a way to change the trust profile name in APIC-EM PKI broker or create a new one?

In the documentation I could only find the following information:

trustProfileName (string): Name of trust-profile (must already exist). Default: sdn-network-infra-iwan,


Many thanks,

Evelyn

3 Replies

cchitnis
Cisco Employee

What are you trying to create a trust profile for? iWAN or something else?

For iWAN, the APIC-EM iWAN App will create the trust point for you, through PKI broker. You don't have to explicitly create it. It's a part of Cisco validated design (CVD) for iWAN.

For anything else, you can use the corresponding REST API (POST) to create one. Here are the APIs for PKI broker, exposed in swagger:

https://<APIC-EM controller IP>/swagger#!/pki-broker

We're not using iWAN app but using the REST API with a script for the trustpoint configs.

My script is creating a trustpoint for each device with an API call and until now I've always used the sdn-network-infra-iwan name but it would be nice to have another name for it as we're not using the iWAN. E.g. a trust profile with the name "my-ipsec-ca" for my trustpoints.

I couldn't find something to modify this name within APIC - neither in the APIs nor in the GUI.

Hi Evelyn,

Currently only the default "sdn-network-infra-iwan" profile is supported for the /trust-point POST API.

Thanks,

Ashutosh