Implementing Certification Authority Interoperability on Cisco IOS XR Software
How to Implement CA Interoperability
Cisco IOS XR System Security Configuration Guide
Authenticating the CA
This task authenticates the CA to your router.
The router must authenticate the CA by obtaining the self-signed certificate of the CA, which contains
the public key of the CA. Because the certificate of the CA is self-signed (the CA signs its own
certificate), manually authenticate the public key of the CA by contacting the CA administrator to
compare the fingerprint of the CA certificate.
SUMMARY STEPS
1. crypto ca authenticate ca-name
2. show crypto ca certificates
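The fingerprint comparison described above can be scripted on an administrator workstation so that formatting differences (colons, spaces, case) do not hide a real mismatch. This is an added example, not part of the original guide or Cisco's code; it assumes the CA administrator supplies a hex fingerprint out of band, that the hash algorithm chosen matches the one used for that fingerprint, and the function names and sample bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# Expected hex length per digest, used to reject truncated fingerprints.
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64}

def pem_to_der(pem: str) -> bytes:
    """Return the DER bytes of the first CERTIFICATE block in a PEM string."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  pem, re.S)
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def fingerprint(der: bytes, algorithm: str = "sha256") -> str:
    """A certificate fingerprint is a digest over the whole DER encoding."""
    return hashlib.new(algorithm, der).hexdigest()

def normalize(fp: str) -> str:
    """Drop separators and case so 'AB:CD', 'ab cd' and 'ABCD' compare equal."""
    cleaned = re.sub(r"[\s:.-]", "", fp).lower()
    if not re.fullmatch(r"[0-9a-f]+", cleaned):
        raise ValueError("fingerprint contains non-hex characters")
    return cleaned

def ca_fingerprint_matches(pem: str, out_of_band_fp: str,
                           algorithm: str = "sha256") -> bool:
    """True only if the full fingerprint from the CA administrator matches."""
    expected = normalize(out_of_band_fp)
    if len(expected) != HEX_LEN[algorithm]:
        raise ValueError("truncated or wrong-algorithm fingerprint")
    actual = fingerprint(pem_to_der(pem), algorithm)
    return hmac.compare_digest(actual, expected)

# Constructed sample bytes standing in for a CA certificate (not a real one).
SAMPLE_DER = b"\x30\x82\x01\x0a" + b"constructed placeholder, not a certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    fp = fingerprint(SAMPLE_DER)
    print("computed:", fp)
    print("match:", ca_fingerprint_matches(SAMPLE_PEM, fp.upper()))
```

Refusing a fingerprint of the wrong length matters because a shortened value compared only on its prefix weakens the manual check the task depends on.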
Step 7
Command or Action: rsakeypair keypair-label
Example:
RP/0/RP0/CPU0:router(config-trustp)# rsakeypair mykey
Purpose: (Optional) Specifies a named RSA key pair generated using the crypto key generate rsa command for this trustpoint.
• Not setting this key pair means that the trustpoint uses the default RSA key in the current configuration.

Step 8
Command or Action: end or commit
Example:
RP/0/RP0/CPU0:router(config-trustp)# end
or
RP/0/RP0/CPU0:router(config-trustp)# commit
Purpose: Saves configuration changes.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)?
[cancel]:
  – Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
  – Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
  – Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Command or Action Purpose