Table of Contents
Advertisement
organization
Configuring Digital Certificates Using the Online Method
To use the online configuration method to set up digital certificates on the router:
1.
2.
NOTE: For more information about setting up IKE policies, see "Defining an IKE
Policy" on page 156 in "Configuring IPSec" on page 125.
3.
4.
5.
6.
host1(config)#ipsec key zeroize rsa
There is no no version.
See ipsec key zeroize.
Use to specify the organization used in the Subject Name field of certificates.
Example
host1(config-ipsec-identity)#organization juniperNetworks
Use the no version to remove the organization name.
See organization.
Generate the RSA key pair.
host1(config)#ipsec key generate rsa 2048
Please wait.................................................
..........................
IPsec Generate Keys complete
In your IKE policy, set the authentication method to RSA signatures.
host1(config)#ipsec ike-policy-rule 1
host1(config-ike-policy)#authentication rsa-sig
host1(config-ike-policy)#exit
Enter IPSec CA Identity Configuration mode, and specify the name of the
certificate authority.
host1(config)#ipsec ca identity trustedca1
host1(config-ca-identity)#
Specify the name of the CA issuer.
host1(config-ca-identity)#issuer-identifier BetaSecurityCorp
Specify the URL of the SCEP server from which the CA certificates and the router's
public certificates is retrieved.
host1(config-ca-identity)#enrollment url http://192.168.99.105/scepurl
(Optional) Set the sensitivity of how the router handles CRLs.
Configuring Digital Certificates Using the Online Method
Chapter 8: Configuring Digital Certificates
227
Advertisement
Table of Contents
Need help?
Do you have a question about the IP SERVICES - CONFIGURATION GUIDE V 11.1.X and is the answer not in the manual?