Table of Contents
Advertisement
JunosE 11.2.x IP Services Configuration Guide
authentication
crl
enrollment retry-limit
enrollment retry-period
220
host1(config)#ipsec ca enroll trustedca1 My498pWd
(Optional) To delete RSA key pairs, use the ipsec key zeroize command.
12.
Use to specify the authentication method that the router uses. For digital certificates,
the method is set to RSA signature.
Example
host1(config-ike-policy)#authentication rsa-sig
Use the no version to restore the default, preshared keys.
See authentication.
Use to control how the router handles certificate revocation lists (CRLs) during
negotiation of online IKE phase 1 signature authentication. Specify one of the following
keywords:
ignored—Allows negotiations to succeed even if a CRL is invalid or the peer's
certificate appears in the CRL; this is the most lenient setting
optional—If the router finds a valid CRL, it uses it; this is the default setting
required—Requires a valid CRL; either the certificates that belong to the E Series
router or the peer must not appear in the CRL; this is the strictest setting
Example
host1(config-ca-identity)#crl ignored
Use the no version to return the CRL setting to the default, optional.
See crl.
Use to set the time period during which the router continues to send a certificate request
to the CA. You can specify a time period in the range 0–480 minutes, with 0 specifying
an infinite time period.
Example
host1(config-ca-identity)#enrollment retry-limit 200
Use the no version to restore the default of 60 minutes.
See enrollment retry-limit.
Use to set the number of minutes that the router waits after receiving no response
before resending a certificate request to the CA. You can specify a wait period in the
range 0–60 minutes.
Example
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
