When generating a trustpoint, you must specify the enrollment method to be used with it. You can use Simple Certificate Enrollment Process (SCEP) as the enrollment method (assuming you are using a Microsoft CA). In that case, use the enrollment url command to define the URL used for SCEP enrollment with the trustpoint you declared. The URL you define should be the URL of your CA.
You can also use manual enrollment, where you use the enrollment terminal command and paste the certificate received from the CA into the terminal. The procedures for both enrollment methods are described in this section. Refer to the Cisco Security Appliance Command Line Configuration Guide for further details about the enrollment methods.
In order to use SCEP, you need to download the Microsoft SCEP add-on from the following URL:
The SCEP add-on must be installed on the Microsoft CA that you are configuring the certificates on.
Download the SCEP add-on as follows:
1. Download and run scepsetup.exe.
2. Select local system account.
3. Deselect SCEP challenge phrase to enroll.
4. Enter the details of the CA.
5. When you click Finish, retrieve the SCEP URL. You use this URL during trustpoint enrollment on the Cisco Adaptive Security Appliance.
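The two enrollment methods described above, sketched as a security appliance configuration. This is an added example, not taken from the original guide; the trustpoint names, key label, subject name, and CA host are placeholders, and the SCEP URL shown is an assumption to be replaced with the URL retrieved when the add-on setup finishes.

```cisco
! --- Key pair used by both trustpoints (label is a placeholder) ---
crypto key generate rsa label EXAMPLE-KEY modulus 2048

! --- Method 1: SCEP enrollment against the Microsoft CA ---
crypto ca trustpoint EXAMPLE-SCEP-TP
 ! Replace with the SCEP URL retrieved from the add-on setup (assumed value)
 enrollment url http://ca.example.com/certsrv/mscep/mscep.dll
 subject-name CN=asa.example.com
 keypair EXAMPLE-KEY
 exit

! Fetches the CA certificate over SCEP and displays its fingerprint.
! Compare the fingerprint with the value shown on the CA itself before
! accepting, because the SCEP URL is plain HTTP.
crypto ca authenticate EXAMPLE-SCEP-TP

! Sends the certificate request to the CA over SCEP. The setup steps above
! deselect the challenge phrase, so no challenge password is configured here.
crypto ca enroll EXAMPLE-SCEP-TP

! --- Method 2: manual (terminal) enrollment ---
crypto ca trustpoint EXAMPLE-MANUAL-TP
 enrollment terminal
 subject-name CN=asa.example.com
 keypair EXAMPLE-KEY
 exit

! Paste the base64 CA certificate when prompted, then end with "quit".
crypto ca authenticate EXAMPLE-MANUAL-TP

! Displays a PKCS#10 request on the terminal; submit it to the CA.
crypto ca enroll EXAMPLE-MANUAL-TP

! Paste the certificate issued by the CA, then end with "quit".
crypto ca import EXAMPLE-MANUAL-TP certificate

! --- Verification for either method ---
show crypto ca trustpoints
show crypto ca certificates
```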