Cisco IOS XR User Manual

Cisco IOS XR
254 pages
Implementing Secure Socket Layer on Cisco IOS XR Software
Cisco IOS XR System Security Configuration Guide
Contents
- Prerequisites for Implementing Secure Socket Layer
- Information About Implementing Secure Socket Layer
- How to Implement Secure Socket Layer
- Configuration Examples for Implementing Secure Socket Layer
- Additional References
Prerequisites for Implementing Secure Socket Layer
The following prerequisites are required to implement SSL:
- You must be in a user group associated with a task group that includes the proper task IDs for
  security commands. For detailed information about user groups and task IDs, see the Configuring
  AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security
  Configuration Guide.
- You must install and activate the Package Installation Envelope (PIE) for the security software.
  For detailed information about optional PIE installation, refer to the Cisco IOS XR Getting Started
  Guide.
- Before you can begin using SSL, you must generate either Rivest, Shamir, and Adleman (RSA) or
  Digital Signature Algorithm (DSA) key pairs, enroll with a CA, and obtain the CA certificate for the
  router key.
  For more information on the commands required to perform these tasks, see the crypto key
  generate rsa, crypto key generate dsa, crypto ca enroll, and crypto ca authenticate commands
  in the Public Key Infrastructure Commands on Cisco IOS XR Software module of the Cisco IOS XR
  System Security Command Reference.
Information About Implementing Secure Socket Layer
To implement SSL, you need to understand the following concept:
- Purpose of Certification Authorities
Purpose of Certification Authorities
CAs are responsible for managing certificate requests and issuing certificates to participating IPSec
network devices. These services provide centralized key management for the participating devices.
CAs simplify the administration of IPSec network devices. You can use a CA with a network containing
multiple IPSec-compliant devices, such as routers.
Digital signatures, enabled by public key cryptography, provide a means of digitally authenticating
devices and individual users. In public key cryptography, such as the RSA encryption system, each user
has a key pair containing both a public and a private key. The keys act as complements, and anything
encrypted with one of the keys can be decrypted with the other. In simple terms, a signature is formed
when data is encrypted with a user’s private key. The receiver verifies the signature by decrypting the
message with the sender’s public key. The fact that the message could be decrypted using the sender’s


Cisco IOS XR Specifications

General
Operating System: Cisco IOS XR
Architecture: Microkernel
High Availability: Yes
Type: Network operating system
Developed by: Cisco Systems
License: Proprietary
Programming Language: C, C++
Kernel: QNX
Supported Platforms: Cisco ASR9000, NCS series
Security Features: Role-Based Access Control (RBAC), Secure Boot, Encryption
Management Interface: CLI, SNMP, NETCONF, RESTCONF
Release Date: 2004
Target Devices: High-end core routers, service provider edge routers, data center interconnect (DCI) routers
Supported Hardware: Cisco routers and switches
Networking Protocols: BGP, OSPF, IS-IS, MPLS
Virtualization Support: Virtualization-ready, supports network function virtualization (NFV) and containerization technologies.
