Figure 72 PKI support for MPLS L3VPN
FIPS compliance
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,
commands, and parameters might differ in FIPS mode (see
PKI configuration task list
Tasks at a glance
(Required.)
(Required.)
(Required.)
•
Configuring automatic certificate request
•
Manually requesting a certificate
(Optional.)
(Optional.)
(Optional.)
(Optional.)
(Optional.)
(Optional.)
(Optional.)
Configuring a PKI entity
A CA identifies a certificate applicant by the identity information. A valid PKI entity must include at least
one of following identity categories:
Distinguished name (DN) of the entity, which further includes the common name, county code,
•
locality, organization, unit in the organization, and state. If you configure the DN for an entity, a
common name is required.
Configuring a PKI entity
Configuring a PKI domain
Requesting a certificate
Aborting a certificate request
Obtaining certificates
Verifying PKI certificates
Specifying the storage path for the certificates and CRLs
Exporting certificates
Removing a certificate
Configuring a certificate access control policy
"Configuring
188
FIPS") and non-FIPS mode.