Cisco CRS-1 - Carrier Routing System Router Configuration Manual page 77

Implementing Certification Authority Interoperability on Cisco IOS XR Software
Command or Action
Step 7
rsakeypair keypair-label
Example:
RP/0/RP0/CPU0:router(config-trustp)# rsakeypair
mykey
Step 8
end
or
commit
Example:
RP/0/RP0/CPU0:router(config-trustp)# end
or
RP/0/RP0/CPU0:router(config-trustp)# commit
Authenticating the CA
This task authenticates the CA to your router.
The router must authenticate the CA by obtaining the self-signed certificate of the CA, which contains
the public key of the CA. Because the certificate of the CA is self-signed (the CA signs its own
certificate), manually authenticate the public key of the CA by contacting the CA administrator to
compare the fingerprint of the CA certificate.
SUMMARY STEPS
1.
2.
OL-20382-01
crypto ca authenticate ca-name
show crypto ca certificates
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
Purpose
(Optional) Specifies a named RSA key pair generated using
the crypto key generate rsa command for this trustpoint.
• Not setting this key pair means that the trustpoint uses
the default RSA key in the current configuration.
Saves configuration changes.
• When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting (yes/no/cancel)?
[cancel]:
– Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
–
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
–
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
•
changes to the running configuration file and remain
within the configuration session.
How to Implement CA Interoperability
SC-71