Logging
FIPS compliance
Enabling password control
Network requirements
Configuration procedure
Verifying the configuration
Managing public keys
Overview
FIPS compliance
Creating a local key pair
Exporting a host public key
Displaying a host public key
Destroying a local key pair
Configuring SSL
Overview
SSL security services
SSL protocol stack
FIPS compliance
SSL configuration task list
Displaying and maintaining SSL
Configuring PKI
Overview
PKI terminology
PKI architecture
PKI operation
PKI applications
Support for MPLS L3VPN
FIPS compliance
PKI configuration task list
Configuring a PKI entity
Configuring a PKI domain
Requesting a certificate
Configuration guidelines
Aborting a certificate request
Obtaining certificates
Configuration prerequisites
Configuration guidelines
Configuration procedure
Verifying PKI certificates