Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual page 110

Chapter 4. Requesting, Enrolling, and Managing Certificates
scep(ca-identity)# enrollment url http://server.example.com:9180/ca/cgi-bin
scep(ca-identity)# crl optional
It is also possible to send the request to the RA.
12. Get the CA's certificate.
scep(config)# crypto ca authenticate CA
Certificate has the following attributes:
Fingerprint: 145E3825 31998BA7 F001EA9A B4001F57
% Do you accept this certificate? [yes/no]: yes
13. Generate RSA key pair.
scep(config)# crypto key generate rsa
The name for the keys will be: scep.server.example.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]:
Generating RSA keys ...
[OK]
14. Lastly, generate the certificate on the router.
scep(config)# crypto ca enroll CA
%
% Start certificate enrollment ..
% Create a challenge password. You will need to verbally provide this
password to the CA Administrator in order to revoke your certificate.
For security reasons your password will not be saved in the configuration.
Please make a note of it.
Password: secret
Re-enter password: secret
% The subject name in the certificate will be: scep.server.example.com
% Include the router serial number in the subject name? [yes/no]: yes
% The serial number in the certificate will be: 57DE391C
% Include an IP address in the subject name? [yes/no]: yes
% Interface: Ethernet0/0
% Request certificate from CA? [yes/no]: yes
% Certificate request sent to Certificate Authority
% The certificate request fingerprint will be displayed.
% The 'show crypto ca certificate' command will also show the fingerprint.
% Fingerprint:D89DB555 E64CC2F7 123725B4 3DBDF263
Jan 12 13:41:17.348: %CRYPTO-6-CERTRET: Certificate received from Certificate
15. Close configuration mode.
scep(config)# exit
16. To make sure that the router was properly enrolled, list all of the certificates stored on the router.
88