Keychain configuration example
Network requirements
Configuration procedure
Verifying the configuration
Managing public keys
Overview
FIPS compliance
Creating a local key pair
Exporting a host public key
Displaying a host public key
Destroying a local key pair
Configuring PKI
Overview
PKI terminology
PKI architecture
PKI operation
PKI applications
Support for MPLS L3VPN
FIPS compliance
PKI configuration task list
Configuring a PKI entity
Configuring a PKI domain
Requesting a certificate
Configuration guidelines
Aborting a certificate request
Obtaining certificates
Configuration prerequisites
Configuration guidelines
Configuration procedure
Verifying PKI certificates
Exporting certificates
Removing a certificate
Displaying and maintaining PKI
PKI configuration examples
Failed to obtain CRLs