Cisco IOS XR

Implementing Certification Authority Interoperability on Cisco IOS XR Software
How to Implement CA Interoperability
SC-9
Cisco IOS XR System Security Configuration Guide
DETAILED STEPS

Step 1
  Command or Action: configure
  Example:
    RP/0/RP0/CPU0:router# configure
  Purpose: Enters global configuration mode.

Step 2
  Command or Action: crypto ca trustpoint ca-name
  Example:
    RP/0/RP0/CPU0:router(config)# crypto ca trustpoint myca
  Purpose: Declares a CA.
    Configures a trusted point with a selected name so that your router can verify certificates issued to peers.
    Enters trustpoint configuration mode.

Step 3
  Command or Action: enrollment url CA-URL
  Example:
    RP/0/RP0/CPU0:router(config-trustp)# enrollment url http://ca.domain.com/certsrv/mscep/mscep.dll
  Purpose: Specifies the URL of the CA.
    The URL should include any nonstandard cgi-bin script location.

Step 4
  Command or Action: query url LDAP-URL
  Example:
    RP/0/RP0/CPU0:router(config-trustp)# query url ldap://my-ldap.domain.com
  Purpose: (Optional) Specifies the location of the LDAP server if your CA system supports the LDAP protocol.

Step 5
  Command or Action: enrollment retry period minutes
  Example:
    RP/0/RP0/CPU0:router(config-trustp)# enrollment retry period 2
  Purpose: (Optional) Specifies a retry period.
    After requesting a certificate, the router waits to receive a certificate from the CA. If the router does not receive a certificate within a period of time (the retry period) the router will send another certificate request.
    Range is from 1 to 60 minutes. Default is 1 minute.

Step 6
  Command or Action: enrollment retry count number
  Example:
    RP/0/RP0/CPU0:router(config-trustp)# enrollment retry count 10
  Purpose: (Optional) Specifies how many times the router continues to send unsuccessful certificate requests before giving up.
    The range is from 1 to 100.
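
The following Python check is an added example, not part of the Cisco guide: it parses a saved trustpoint stanza and audits it against the ranges given in steps 5 and 6. The sample configuration is constructed from the step examples; the stanza layout (indented sub-commands ending at "!") and the period-times-count estimate of the retry window are assumptions.

```python
import re

# Ranges documented on this page for the optional retry settings.
RETRY_PERIOD_RANGE = (1, 60)   # minutes, default 1
RETRY_COUNT_RANGE = (1, 100)

# Constructed sample: the commands from steps 2-6 as a saved stanza (assumed layout).
SAMPLE_CONFIG = """\
crypto ca trustpoint myca
 enrollment url http://ca.domain.com/certsrv/mscep/mscep.dll
 query url ldap://my-ldap.domain.com
 enrollment retry period 2
 enrollment retry count 10
!
"""

def parse_trustpoints(text):
    """Return {trustpoint name: {setting: value}} for each trustpoint stanza."""
    trustpoints, current = {}, None
    for line in text.splitlines():
        m = re.match(r"crypto ca trustpoint (\S+)", line)
        if m:
            current = trustpoints.setdefault(m.group(1), {})
        elif current is not None and line.startswith(" "):
            # The last token is the value; everything before it is the setting name.
            key, _, value = line.strip().rpartition(" ")
            current[key] = value
        else:
            current = None  # "!" or any unindented line ends the stanza
    return trustpoints

def audit(settings):
    """Return a list of findings for one trustpoint's settings."""
    findings = []
    if "enrollment url" not in settings:
        findings.append("no enrollment url configured")
    for key, (low, high) in (("enrollment retry period", RETRY_PERIOD_RANGE),
                             ("enrollment retry count", RETRY_COUNT_RANGE)):
        value = settings.get(key)
        if value is not None and not (value.isdigit() and low <= int(value) <= high):
            findings.append(f"{key} {value} is outside {low}-{high}")
    return findings

def retry_window_minutes(settings):
    """Rough time spent retrying (period x count); None when no count is configured."""
    if "enrollment retry count" not in settings:
        return None
    return int(settings.get("enrollment retry period", 1)) * int(settings["enrollment retry count"])

if __name__ == "__main__":
    for name, settings in parse_trustpoints(SAMPLE_CONFIG).items():
        print(name, audit(settings) or "ok", retry_window_minutes(settings))
```

Call `retry_window_minutes` only on a stanza that `audit` reports clean, since it converts the values to integers without re-validating them.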
