Managing public keys ················································································· 263
Overview ························································································································································ 263
FIPS compliance ············································································································································ 263
Creating a local key pair ································································································································ 263
Exporting a host public key ···················································································································· 265
Displaying a host public key ··················································································································· 265
Destroying a local key pair ····························································································································· 266
Configuring PKI ··························································································· 272
Overview ························································································································································ 272
PKI terminology ······································································································································ 272
PKI architecture ······································································································································ 273
PKI operation ········································································································································· 273
PKI applications ····································································································································· 274
Support for MPLS L3VPN ······················································································································ 274
FIPS compliance ············································································································································ 275
PKI configuration task list ······························································································································· 275
Configuring a PKI entity ································································································································· 275
Configuring a PKI domain ······························································································································ 276
Requesting a certificate ································································································································· 278
Configuration guidelines ························································································································· 278
Aborting a certificate request ························································································································· 280
Obtaining certificates ····································································································································· 280
Configuration prerequisites ···················································································································· 280
Configuration guidelines ························································································································· 281
Configuration procedure ························································································································· 281
Verifying PKI certificates ································································································································ 281
Exporting certificates ······································································································································ 283
Removing a certificate ··································································································································· 284
Displaying and maintaining PKI ····················································································································· 285
PKI configuration examples ··························································································································· 286
Failed to obtain CRLs ····························································································································· 304
Failed to export certificates ···················································································································· 305
vi