Hi Guys,
We have a DMVPN with an IPsec profile in which a certificate is used for authentication, and we would like to ask how the FQDN is built, used and presented to other routers.
- By default, does Cisco IOS use its hostname and ip domain name?
- Once you have successfully completed the auth/enrollment process, the FQDN that is configured below is being presented to the other router for authentication. If the peer router has configured "match identity host domain test.com", does it need to match the test.com domain from the certificate FQDN?
crypto pki trustpoint TESTPKI
 enrollment url http://x.x.x.x:80
 fqdn rtrhostname.test.com
 <cut>
- How to show/check the FQDN being used for the router? Is this the correct command?
spoke1#show crypto pki certificates
Certificate
  <>
  Issuer:
    cn=xyz
  Subject:
    Name: rtrhostname.test.com
    hostname=rtrhostname.test.com
    cn=xyz
- From the logs below from the peer router, why is the FQDN presented different from the FQDN assigned on the certificate "TESTPKI"?
ISAKMP:(2015):My ID configured as IPv4 Addr, but Addr not in Cert!
ISAKMP:(2015):Using FQDN as My ID
ISAKMP:(2015):SA is doing RSA signature authentication using id type ID_FQDN
ISAKMP (2015): ID payload
        next-payload : 6
        type         : 2
        FQDN name    : spoke1   <------- Router hostname is presented by the router? Why?