How to Implement Secure Socket Layer
2.
3.
4.
5.
6.
7.
8.
9.
DETAILED STEPS
Command or Action
Step 1
crypto key generate rsa [usage-keys |
general-keys] [keypair-label]
Example:
RP/0/RP0/CPU0:router# crypto key generate rsa
general-keys
The name for the keys will be: the_default
% You already have keys defined for the_default
Do you really want to replace them? [yes/no]:
Step 2
configure
Example:
RP/0/RP0/CPU0:router# configure
Step 3
domain ipv4 host host-name v4address1
[
v4address2...v4address8
Example:
RP/0/RP0/CPU0:router(config)# domain ipv4 host
ultra5 192.168.7.18
Step 4
crypto ca trustpoint ca-name
Example:
RP/0/RP0/CPU0:router(config)# crypto ca
trustpoint myca
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
SC-214
configure
domain ipv4 host host-name v4address1 [v4address2...v4address8] [unicast | multicast]
crypto ca trustpoint ca-name
enrollment url CA-URL
end
or
commit
crypto ca authenticate ca-name
crypto ca enroll ca-name
show crypto ca certificates
]
[unicast | multicast]
Implementing Secure Socket Layer on Cisco IOS XR Software
Purpose
Generates RSA key pairs.
RSA key pairs are used to sign and encrypt Internet Key
•
Exchange (IKE) key management messages and are
required before you can obtain a certificate for your
router.
•
Use the usage-keys keyword to specify special usage
keys; use the general-keys keyword to specify
general-purpose RSA keys.
The keypair-label argument is the RSA key pair label
•
that names the RSA key pairs.
To generate DSA key pairs, use the crypto key
•
generate dsa command in EXEC mode.
Enters global configuration mode.
Defines a static hostname-to-address mapping in the host
cache using IPv4.
•
To define a static hostname-to-address mapping in the
host cache using IPv6, use the domain ipv6 host
hostname v6address1 [v6address2...v6address8]
[unicast | multicast] command.
Configures a trusted point with a selected name so that your
router can verify certificates issued to peers.
Enters trustpoint configuration mode.
•
OL-20382-01