Cisco CRS-1 - Carrier Routing System Router Configuration Manual page 79

Implementing Certification Authority Interoperability on Cisco IOS XR Software
DETAILED STEPS
Command or Action
Step 1
crypto ca enroll ca-name
Example:
RP/0/RP0/CPU0:router# crypto ca enroll myca
Step 2
show crypto ca certificates
Example:
RP/0/RP0/CPU0:router# show crypto ca
certificates
Configuring Certificate Enrollment Using Cut-and-Paste
This task declares the trustpoint certification authority (CA) that your router should use and configures
that trustpoint CA for manual enrollment by using cut-and-paste.
SUMMARY STEPS
1.
2.
3.
4.
5.
6.
7.
8.
OL-20382-01
configure
crypto ca trustpoint ca-name
enrollment terminal
end
or
commit
crypto ca authenticate ca-name
crypto ca enroll ca-name
crypto ca import ca-name certificate
show crypto ca certificates
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
Purpose
Requests certificates for all of your RSA key pairs.
This command causes your router to request as many
•
certificates as there are RSA key pairs, so you need
only perform this command once, even if you have
special usage RSA key pairs.
• This command requires you to create a challenge
password that is not saved with the configuration. This
password is required if your certificate needs to be
revoked, so you must remember this password.
A certificate may be issued immediately or the router
•
sends a certificate request every minute until the
enrollment retry period is reached and a timeout occurs.
If a timeout occurs, contact your system administrator
to get your request approved, and then enter this
command again.
(Optional) Displays information about the CA certificate.
How to Implement CA Interoperability
SC-73