Cisco IOS XR System Security Configuration Guide
Implementing Certification Authority Interoperability on Cisco IOS XR Software
How to Implement CA Interoperability

DETAILED STEPS

Step 1
Command or Action: crypto ca enroll ca-name
Example:
RP/0/RP0/CPU0:router# crypto ca enroll myca
Purpose: Requests certificates for all of your RSA key pairs.
• This command causes your router to request as many certificates as there are RSA key pairs, so you need only perform this command once, even if you have special usage RSA key pairs.
• This command requires you to create a challenge password that is not saved with the configuration. This password is required if your certificate needs to be revoked, so you must remember this password.
• A certificate may be issued immediately or the router sends a certificate request every minute until the enrollment retry period is reached and a timeout occurs. If a timeout occurs, contact your system administrator to get your request approved, and then enter this command again.

Step 2
Command or Action: show crypto ca certificates
Example:
RP/0/RP0/CPU0:router# show crypto ca certificates
Purpose: (Optional) Displays information about the CA certificate.

Configuring Certificate Enrollment Using Cut-and-Paste
This task declares the trustpoint certification authority (CA) that your router should use and configures that trustpoint CA for manual enrollment by using cut-and-paste.

SUMMARY STEPS
1. configure
2. crypto ca trustpoint ca-name
3. enrollment terminal
4. end
   or
   commit
5. crypto ca authenticate ca-name
6. crypto ca enroll ca-name
7. crypto ca import ca-name certificate
8. show crypto ca certificates