Implementing Secure Socket Layer on Cisco IOS XR Software
How to Implement Secure Socket Layer
SC-162
Cisco IOS XR System Security Configuration Guide
DETAILED STEPS
Command or Action Purpose
Step 1
crypto key generate rsa [usage-keys |
general-keys] [
keypair-label
]
Example:
RP/0/RP0/CPU0:router# crypto key generate rsa
general-keys
The name for the keys will be: the_default
% You already have keys defined for the_default
Do you really want to replace them? [yes/no]:
Generates RSA key pairs.
• RSA key pairs are used to sign and encrypt Internet Key
Exchange (IKE) key management messages and are
required before you can obtain a certificate for your
router.
• Use the usage-keys keyword to specify special usage
keys; use the general-keys keyword to specify
general-purpose RSA keys.
• The keypair-label argument is the RSA key pair label
that names the RSA key pairs.
• To generate DSA key pairs, use the cypto key generate
dsa command in EXEC mode.
Step 2
configure
Example:
RP/0/RP0/CPU0:router# configure
Enters global configuration mode.
Step 3
domain ipv4 host
host-name v4address1
[
v4address2...v4address8
] [unicast | multicast]
Example:
RP/0/RP0/CPU0:router(config)# domain ipv4 host
ultra5 192.168.7.18
Defines a static hostname-to-address mapping in the host
cache using IPv4.
• To define a static hostname-to-address mapping in the
host cache using IPv6, use the domain ipv6 host
hostname v6address1 [v6address2...v6address8]
[unicast | multicast] command.
Step 4
crypto ca trustpoint
ca-name
Example:
RP/0/RP0/CPU0:router(config)# crypto ca
trustpoint myca
Configures a trusted point with a selected name so that your
router can verify certificates issued to peers.
• Enters trustpoint configuration mode.
Step 5
enrollment url
CA-URL
Example:
RP/0/RP0/CPU0:router(config-trustp)# enrollment
url
http://ca.domain.com/certsrv/mscep/mscep.dll
Specifies the URL of the CA.
• The URL should include any nonstandard cgi-bin script
location.
To Next Page
Loading...
