Red Hat CERTIFICATE SYSTEM 7.3 - ADMINISTRATION Administration Manual page 530

Appendix C. Enrolling a Certificate in a Cisco Router
Generate rsa key pair:
scep(config)# crypto key generate rsa
The name for the keys will be: scep.dsdev.sjc.redhat.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]:
Generating RSA keys ...
[OK]
Enroll:
scep(config)# crypto ca enroll CA
%
% Start certificate enrollment ..
% Create a challenge password. You will need to verbally provide this
password to the CA Administrator in order to revoke your certificate.
For security reasons your password will not be saved in the configuration.
Please make a note of it.
Password: 12345
Re-enter password: 12345
% The subject name in the certificate will be: scep.dsdev.sjc.redhat.com
% Include the router serial number in the subject name? [yes/no]: yes
% The serial number in the certificate will be: 57DE391C
% Include an IP address in the subject name? [yes/no]: yes
% Interface: Ethernet0/0
% Request certificate from CA? [yes/no]: yes
% Certificate request sent to Certificate Authority
% The certificate request fingerprint will be displayed.
% The 'show crypto ca certificate' command will also show the fingerprint.
% Fingerprint: D89DB555 E64CC2F7 123725B4 3DBDF263
Jan 12 13:41:17.348: %CRYPTO-6-CERTRET: Certificate received from Certificate
Exit from conf mode
scep(config)# exit
Show certificates:
scep# show crypto ca certificates
Certificate
Status: Available
Certificate Serial Number: 0C
Key Usage: General Purpose
Issuer:
CN = Certificate Authority
O = Sfbay Red hat Domain 20070111d12
Subject Name Contains:
Name: scep.dsdev.sjc.redhat.com
IP Address: 10.14.1.94
Serial Number: 57DE391C
508