How to Implement CA Interoperability
DETAILED STEPS
Command or Action
Step 1
configure
Example:
RP/0/RP0/CPU0:router# configure
Step 2
crypto ca trustpoint ca-name
Example:
RP/0/RP0/CPU0:router(config)# crypto ca trustpoint
myca
RP/0/RP0/CPU0:router(config-trustp)#
Step 3
enrollment terminal
Example:
RP/0/RP0/CPU0:router(config-trustp)# enrollment
terminal
Step 4
end
or
commit
Example:
RP/0/RP0/CPU0:router(config-trustp)# end
or
RP/0/RP0/CPU0:router(config-trustp)# commit
Step 5
crypto ca authenticate ca-name
Example:
RP/0/RP0/CPU0:router# crypto ca authenticate myca
Cisco IOS XR System Security Configuration Guide for the Cisco CRS-1 Router
SC-74
Implementing Certification Authority Interoperability on Cisco IOS XR Software
Purpose
Enters global configuration mode.
Declares the CA that your router should use and
enters trustpoint configuration mode.
Use the ca-name argument to specify the name
•
of the CA.
Specifies manual cut-and-paste certificate
enrollment.
Saves configuration changes.
When you issue the end command, the system
•
prompts you to commit changes:
Uncommitted changes found, commit them
before exiting (yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to
–
the running configuration file, exits the
configuration session, and returns the
router to EXEC mode.
Entering no exits the configuration session
–
and returns the router to EXEC mode
without committing the configuration
changes.
Entering cancel leaves the router in the
–
current configuration session without
exiting or committing the configuration
changes.
•
Use the commit command to save the
configuration changes to the running
configuration file and remain within the
configuration session.
Authenticates the CA by obtaining the certificate of
the CA.
Use the ca-name argument to specify the name
•
of the CA. Use the same name that you entered
in
Step
2.
OL-20382-01