Configuration guidelines ··························································································································· 57
Configuration procedure ··························································································································· 58
Displaying a host public key ····················································································································· 59
Destroying a local key pair ······························································································································· 60
Configuring a peer public key ·························································································································· 60
Entering a peer public key ························································································································ 61
Configuring PKI ····························································································· 66
Overview ·························································································································································· 66
PKI terminology ········································································································································ 66
PKI architecture ········································································································································ 67
PKI operation ··········································································································································· 67
PKI applications ······································································································································· 68
Support for MPLS L3VPN ························································································································ 68
FIPS compliance ·············································································································································· 69
PKI configuration task list ································································································································· 69
Configuring a PKI entity ··································································································································· 69
Configuring a PKI domain ································································································································ 70
Requesting a certificate ··································································································································· 72
Configuration guidelines ··························································································································· 72
Aborting a certificate request ··························································································································· 74
Obtaining certificates ······································································································································· 74
Configuration prerequisites ······················································································································ 74
Configuration guidelines ··························································································································· 74
Configuration procedure ··························································································································· 75
Verifying PKI certificates ·································································································································· 75
Exporting certificates ········································································································································ 77
Removing a certificate ····································································································································· 77
Displaying and maintaining PKI ······················································································································· 79
PKI configuration examples ····························································································································· 79
Failed to obtain CRLs ······························································································································· 95
Failed to export certificates ······················································································································ 97
Configuring SSL ···························································································· 99
Overview ·························································································································································· 99
SSL security services ······························································································································· 99
ii