Network requirements ········································································································································· 202
Configuration procedure ···································································································································· 203
Verifying the configuration ································································································································· 204
Managing public keys ············································································································································ 206
Overview ······································································································································································· 206
FIPS compliance ··························································································································································· 206
Creating a local key pair ············································································································································ 207
Configuration guidelines ···································································································································· 207
Configuration procedure ···································································································································· 207
Exporting a host public key ································································································································ 208
Displaying a host public key ······························································································································ 209
Destroying a local key pair ········································································································································· 209
Entering a peer host public key ························································································································· 210
Configuring PKI ······················································································································································· 216
Overview ······································································································································································· 216
PKI terminology ···················································································································································· 216
PKI architecture ···················································································································································· 217
PKI operation ······················································································································································· 218
PKI applications ··················································································································································· 218
FIPS compliance ··························································································································································· 218
PKI configuration task list ············································································································································ 218
Configuring a PKI entity ·············································································································································· 219
Configuring a PKI domain ··········································································································································· 220
Requesting a certificate ··············································································································································· 222
Configuration guidelines ···································································································································· 222
Aborting a certificate request ····································································································································· 224
Obtaining certificates ·················································································································································· 224
Configuration prerequisites ································································································································ 224
Configuration guidelines ···································································································································· 225
Configuration procedure ···································································································································· 225
Verifying PKI certificates ·············································································································································· 225
Exporting certificates ··················································································································································· 227
Removing a certificate ················································································································································· 228
Displaying and maintaining PKI ································································································································· 229
v