Cisco CRS-1 - Carrier Routing System Router Configuration Manual page 76

IOS XR System Security Configuration Guide

Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
Implementing Certification Authority Interoperability on Cisco IOS XR Software

How to Implement CA Interoperability
DETAILED STEPS

Step 1
Command or Action: configure
Example:
RP/0/RP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2
Command or Action: crypto ca trustpoint ca-name
Example:
RP/0/RP0/CPU0:router(config)# crypto ca trustpoint myca
Purpose: Declares a CA. Configures a trusted point with a selected name so that your router can verify certificates issued to peers. Enters trustpoint configuration mode.

Step 3
Command or Action: enrollment url CA-URL
Example:
RP/0/RP0/CPU0:router(config-trustp)# enrollment url http://ca.domain.com/certsrv/mscep/mscep.dll
Purpose: Specifies the URL of the CA. The URL should include any nonstandard cgi-bin script location.

Step 4
Command or Action: query url LDAP-URL
Example:
RP/0/RP0/CPU0:router(config-trustp)# query url ldap://my-ldap.domain.com
Purpose: (Optional) Specifies the location of the LDAP server if your CA system supports the LDAP protocol.

Step 5
Command or Action: enrollment retry period minutes
Example:
RP/0/RP0/CPU0:router(config-trustp)# enrollment retry period 2
Purpose: (Optional) Specifies a retry period. After requesting a certificate, the router waits to receive a certificate from the CA. If the router does not receive a certificate within a period of time (the retry period) the router will send another certificate request. Range is from 1 to 60 minutes. Default is 1 minute.

Step 6
Command or Action: enrollment retry count number
Example:
RP/0/RP0/CPU0:router(config-trustp)# enrollment retry count 10
Purpose: (Optional) Specifies how many times the router continues to send unsuccessful certificate requests before giving up. The range is from 1 to 100.
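
A small audit over a saved configuration that checks the trustpoint settings from steps 2 through 6 against the ranges in the Purpose column and estimates how long the router keeps retrying enrollment. This is an added example, not part of the Cisco guide; the stanza layout of the sample, the `lab-ca` trustpoint and the function names are assumptions made for illustration.

```python
import re

# Ranges taken from the Purpose column above.
RETRY_PERIOD_RANGE = (1, 60)    # minutes
RETRY_COUNT_RANGE = (1, 100)    # default is not stated on this page

# Constructed sample (layout assumed): the trustpoint from the steps above
# plus a hypothetical second stanza with an out-of-range retry period.
SAMPLE_CONFIG = """\
crypto ca trustpoint myca
 enrollment url http://ca.domain.com/certsrv/mscep/mscep.dll
 query url ldap://my-ldap.domain.com
 enrollment retry period 2
 enrollment retry count 10
!
crypto ca trustpoint lab-ca
 enrollment retry period 90
 enrollment retry count 5
!
"""

def parse_trustpoints(text):
    """Return {name: {setting: value}} for each 'crypto ca trustpoint' stanza."""
    trustpoints, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"crypto ca trustpoint (\S+)", line)
        if m:
            current = trustpoints.setdefault(m.group(1), {})
        elif line == "!" or not line:
            current = None                      # end of stanza
        elif current is not None:
            key, _, value = line.rpartition(" ")  # last token is the value
            current[key] = value
    return trustpoints

def audit(tp):
    """Return (findings, retry_window_minutes) for one parsed trustpoint."""
    findings = []
    if "enrollment url" not in tp:
        findings.append("no enrollment url (step 3 not applied)")
    period = int(tp.get("enrollment retry period", 1))  # default is 1 minute
    if not RETRY_PERIOD_RANGE[0] <= period <= RETRY_PERIOD_RANGE[1]:
        findings.append(f"retry period {period} outside 1-60 minutes")
    count = tp.get("enrollment retry count")
    if count is not None and not RETRY_COUNT_RANGE[0] <= int(count) <= RETRY_COUNT_RANGE[1]:
        findings.append(f"retry count {count} outside 1-100")
    # Rough minutes of re-sending before giving up; unknown if count is unset.
    window = period * int(count) if count is not None else None
    return findings, window
```

For the `myca` trustpoint from the steps, the audit returns no findings and a retry window of roughly 20 minutes, which is the time an unreachable CA can go unnoticed before enrollment is abandoned.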
OL-20382-01
