Implementing Certification Authority Interoperability on Cisco IOS XR Software
How to Implement CA Interoperability
SC-8
Cisco IOS XR System Security Configuration Guide
DETAILED STEPS
Declaring a Certification Authority and Configuring a Trusted Point
This task declares a CA and configures a trusted point.
SUMMARY STEPS
1. configure
2. crypto ca trustpoint ca-name
3. enrollment url CA-URL
4. query url LDAP-URL
5. enrollment retry period minutes
6. enrollment retry count number
7. rsakeypair keypair-label
8. end
or
commit
Command or Action Purpose
Step 1
crypto key generate rsa [usage keys |
general-keys] [
keypair-label
]
Example:
RP/0/RP0/CPU0:router# crypto key generate rsa
general-keys
Generates RSA key pairs.
• Use the usage keys keyword to specify special usage
keys; use the general-keys keyword to specify general-
purpose RSA keys.
• The keypair-label argument is the RSA key pair label
that names the RSA key pairs.
Step 2
crypto key zeroize rsa [
keypair-label
]
Example:
RP/0/RP0/CPU0:router# crypto key zeroize rsa
key1
(Optional) Deletes all RSAs from the router.
• Under certain circumstances, you may want to delete
all RSA keys from you router. For example, if you
believe the RSA keys were compromised in some way
and should no longer be used, you should delete the
keys.
• To remove a specific RSA key pair, use the
keypair-label argument.
Step 3
show crypto key mypubkey rsa
Example:
RP/0/RP0/CPU0:router# show crypto key mypubkey
rsa
(Optional) Displays the RSA public keys for your router.
To Next Page
Loading...
