Example - Netscape MANAGEMENT SYSTEM 4.5 Installation And Setup Manual

This step depends on your CA's configuration for router enrollment.
2.
NOTE

Example

The example below shows the commands and associated outputs for a Cisco
router:
# To perform certificate enrollment for a router using CEP, you must be
# in privileged mode, which you do by typing "enable" first, and then
# entering the password.
router> enable
router% config terminal
router(config)#crypto key generate rsa
The name for the keys will be: netscape.mcom.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take a few
minutes.
How many bits in the modulus [512]:
Generating RSA keys ...
[OK]
router(config)#crypto ca identity test-ca
router(ca-identity)#enrollment url http://ca-hostname.domain.com/cgi-bin/
If the CA to which the router submitted the request employs automatic
enrollment (or authentication) for routers, the request will get processed by
the CA. The CA may return the certificate to the router in the same
transaction. If it doesn't, the router checks with the CA at periodic
intervals; in the router configuration you can specify how often the router
should poll the CA for the certificate and how many attempts it should
make. By default, the router checks the CA every minute.
If the CA to which you submitted the request is configured for manual
enrollment (or authentication), the request gets queued and awaits
approval by an agent.
Your router may require additional configuration changes. Be sure
to follow the information in your router documentation.
Certificate Issuance to Routers or VPN Clients
pkiclient.exe
Chapter 25 Setting Up CEP Enrollment 825