Table of Contents
Advertisement
name
Syntax of the "no" Form
Use the no form to delete all identity information and certificates associated with the CA:
no crypto ca identity name
Mode
Global configuration:
Next Mode
Certificate Authority Identity configuration:
Examples
The following example declares and identifies characteristics of the CA. In this example, the name
ACMEca is created for the CA, which is located at
configuration required to declare a CA.
XSR(config)#crypto ca identity ACMEca
XSR(ca-identity)#enrollment url http://ca_server
The following example sets a nonstandard retry period and count, and permits the router to
accept certificates when CRLs are not obtainable.
XSR(config)#crypto ca identity ACMEca
XSR(ca-identity)#enrollment url http://AAA_ca/coldstorage/scripts.exe
XSR(ca-identity)#query url ldap://serverx
XSR(ca-identity)#enrollment retry period 20
XSR(ca-identity)#enrollment retry count 100
In the example above, if the XSR does not get a certificate back from the CA within 20 minutes of
sending a certificate request, it will resend the request. The XSR will repeat certificate requests
every retry period until until 100 requests have been sent. If the CA is not available at the specified
location, obtain the URL from your CA administrator.
crl frequency
The command specifies the interval between Certificate Revocation List (CRL) retrievals.
Syntax
crl frequency number
numbers
Syntax of the "no" Form
The no form of this command resets the value to the default:
no crl frequency
Name for the CA.
XSR(config)#
Interval between retries, ranging from 1 to 1440 minutes.
XSR(ca-identity)#
http://ca_server
CA Identity Mode Commands
.. This is the minimum
XSR CLI Reference Guide 14-85
Advertisement
Table of Contents
