Managing public keys ············································································································································ 123
Overview ······································································································································································· 123
FIPS compliance ··························································································································································· 123
Creating a local key pair ············································································································································ 123
Configuration guidelines ···································································································································· 123
Configuration procedure ···································································································································· 124
Displaying a host public key ······························································································································ 126
Destroying a local key pair ········································································································································· 126
Configuring a peer public key ···································································································································· 126
Entering a peer public key ································································································································· 127
Configuring PKI ······················································································································································· 133
Overview ······································································································································································· 133
PKI terminology ···················································································································································· 133
PKI architecture ···················································································································································· 134
PKI operation ······················································································································································· 134
PKI applications ··················································································································································· 135
Support for MPLS L3VPN ···································································································································· 135
FIPS compliance ··························································································································································· 136
PKI configuration task list ············································································································································ 136
Configuring a PKI entity ·············································································································································· 136
Configuring a PKI domain ··········································································································································· 137
Requesting a certificate ··············································································································································· 139
Aborting a certificate request ····································································································································· 141
Obtaining certificates ·················································································································································· 142
Configuration prerequisites ································································································································ 142
Configuration guidelines ···································································································································· 142
Configuration procedure ···································································································································· 142
Verifying PKI certificates ·············································································································································· 143
Exporting certificates ··················································································································································· 145
Removing a certificate ················································································································································· 145
Displaying and maintaining PKI ································································································································· 147
PKI configuration examples ········································································································································· 147
iii