FIPS compliance ············································································································································ 215
Enabling password control ····························································································································· 215
Network requirements ···························································································································· 219
Configuration procedure ························································································································· 220
Verifying the configuration ······················································································································ 221
Managing public keys ················································································· 223
Overview ························································································································································ 223
FIPS compliance ············································································································································ 223
Creating a local key pair ································································································································ 223
Exporting a host public key ···················································································································· 225
Displaying a host public key ··················································································································· 225
Destroying a local key pair ····························································································································· 226
Configuring SSL ·························································································· 232
Overview ························································································································································ 232
SSL security services ····························································································································· 232
SSL protocol stack ································································································································· 232
FIPS compliance ············································································································································ 233
SSL configuration task list ······························································································································ 233
Displaying and maintaining SSL ···················································································································· 237
Configuring PKI ··························································································· 240
Overview ························································································································································ 240
PKI terminology ······································································································································ 240
PKI architecture ······································································································································ 241
PKI operation ········································································································································· 241
PKI applications ····································································································································· 242
Support for MPLS L3VPN ······················································································································ 242
FIPS compliance ············································································································································ 243
PKI configuration task list ······························································································································· 243
Configuring a PKI entity ································································································································· 243
Configuring a PKI domain ······························································································································ 244
Requesting a certificate ································································································································· 246
Configuration guidelines ························································································································· 246
Aborting a certificate request ························································································································· 248
Obtaining certificates ····································································································································· 248
Configuration prerequisites ···················································································································· 248
Configuration guidelines ························································································································· 248
Configuration procedure ························································································································· 249
Verifying PKI certificates ································································································································ 249
v