FIPS compliance···················································································································· 228
Enabling password control ······································································································· 228
Network requirements ······································································································ 232
Configuration procedure ··································································································· 233
Overview ······························································································································ 236
FIPS compliance···················································································································· 236
Creating a local key pair ·········································································································· 236
Destroying a local key pair ······································································································· 238
Configuring PKI ··········································································· 245
Overview ······························································································································ 245
PKI terminology ·············································································································· 245
PKI architecture ·············································································································· 246
PKI operation ················································································································· 246
PKI applications ·············································································································· 247
Support for MPLS L3VPN ································································································· 247
FIPS compliance···················································································································· 248
PKI configuration task list ········································································································· 248
Configuring a PKI entity ··········································································································· 248
Configuring a PKI domain ········································································································ 249
Requesting a certificate ··········································································································· 251
Configuration guidelines ··································································································· 251
Obtaining certificates ·············································································································· 253
Configuration guidelines ··································································································· 254
Configuration procedure ··································································································· 254
Verifying PKI certificates ·········································································································· 254
Exporting certificates ·············································································································· 256
Removing a certificate ············································································································· 257
PKI configuration examples ······································································································ 259
v