Logging ·················································································································································· 215

FIPS compliance ············································································································································ 216

Password control configuration task list ········································································································· 216

Enabling password control ····························································································································· 216

Setting global password control parameters ·································································································· 217

Setting user group password control parameters ·························································································· 218

Setting local user password control parameters ···························································································· 219

Setting super password control parameters ·································································································· 219

Displaying and maintaining password control ································································································ 220

Password control configuration example ······································································································· 220

Network requirements ···························································································································· 220

Configuration procedure ························································································································· 221

Verifying the configuration ······················································································································ 222

Managing public keys ················································································· 224

Overview ························································································································································ 224

Creating a local key pair ································································································································ 224

Distributing a local host public key ················································································································· 226

Exporting a host public key ···················································································································· 226

Displaying a host public key ··················································································································· 226

Destroying a local key pair ····························································································································· 227

Configuring a peer host public key ················································································································· 227

Importing a peer host public key from a public key file ·········································································· 227

Entering a peer host public key ·············································································································· 228

Displaying and maintaining public keys ········································································································· 228

Examples of public key management ············································································································ 228

Example for entering a peer host public key ·························································································· 228

Example for importing a public key from a public key file ······································································ 230

Configuring SSL ·························································································· 233

SSL security services ····························································································································· 233

SSL protocol stack ································································································································· 233

SSL configuration task list ······························································································································ 234

Configuring an SSL server policy ··················································································································· 234

Configuring an SSL client policy ···················································································································· 237

Displaying and maintaining SSL ···················································································································· 239

SSL server policy configuration example ······································································································· 239

Configuring PKI ··························································································· 242

PKI terminology ······································································································································ 242

PKI architecture ······································································································································ 243

PKI operation ········································································································································· 243

PKI applications ····································································································································· 244

Support for MPLS L3VPN ······················································································································ 244

PKI configuration task list ······························································································································· 245

Configuring a PKI entity ································································································································· 245

Configuring a PKI domain ······························································································································ 246

Requesting a certificate ································································································································· 248

Configuration guidelines ························································································································· 248

Configuring automatic certificate request ······························································································· 249

Manually requesting a certificate ············································································································ 249

Aborting a certificate request ························································································································· 250

Obtaining certificates ····································································································································· 250

Configuration prerequisites ···················································································································· 250

Configuration guidelines ························································································································· 251

Configuration procedure ························································································································· 251

Verifying PKI certificates ································································································································ 251

Table of Contents