Table of Contents
Advertisement
State:
Version:
Serial Number:
Issuer:
Valid From:
Valid To:
Subject:
Fingerprint:
Certificate Size:
5.
Enroll in an end-entity certificate from a CA for which you have previously authenticated;
e.g., hightest.
The script will prompt you to enter and re-enter a challenge password you create or is given to
you by your CA administrator. Remember that if you create a password, save it so it can be
used later in case you need to revoke the CA. Respond yes to all questions. and jot down the
certificate serial number for comparison purposes.
XSR(config)#crypto ca enroll hightest
%
% Start certificate enrollment
Create a challenge password. You will need to verbally
provide this password to the CA Administrator in order to
revoke your certificate. For security reasons your password
will not be saved in the configuration.
Please make a note of it.
Password:****
Re-enter
password:****
Request certificate from CA (y/n) ?
You may experience a short delay while RSA keys are generated.
Once key generation is complete, the certificate request
will be sent to the Certificate Authority.
Use 'show crypto ca certificate' to show the fingerprint.
XSR(config)#<186>Aug 29 7:11:1 192.168.1.33 PKI: A certificate was successfully
received from the CA.
<186>Nov 13 21:03:20 63.81.64.58 AAA: Current device Time: 2003 Nov 13th, 21:03:20 GMT
<186>Nov 13 21:03:20 63.81.64.58 AAA: Certificate valid from: 2003 Nov 13th, 21:57:02 GMT
<186>Nov 13 21:03:20 63.81.64.58 AAA: Certificate valid to: 2004 Aug 5th, 16:16:08 GMT
6.
Once the certificate is properly enrolled, issue the
to display the end-entity and other certificates.
The first certificate shown, identified as being in ENTITY-ACTIVE state, is the end-entity
certificate. Compare the Subject ID to the serial number earlier displayed by the enrollment
script to verify its authenticity.
XSR#show crypto ca certificates
Certificate - issued by hightest
State:
Version:
Serial Number:
Issuer:
Valid From:
CA-AUTHENTICATED
V3
458128729515158954573993
C=US, O=sml, CN=hightest
2002 Jul 24th, 20:45:13 GMT
2003 Jul 24th, 20:55:13 GMT
C=US, O=sml.com, CN=sml_requestor
91EB5A77 B5CA535A 077B65C5 65035615
1695 bytes
y
ENTITY-ACTIVE
V3
75289387826578118934757
C=US, O=sml, CN=hightest
2002 Aug 29th, 15:51:58 GMT
Interoperability Profile for the XSR
show crypto ca certificates
command
XSR User's Guide 14-51
Advertisement
Table of Contents
Troubleshooting
