Cisco IOS XR Configuration Manual page 174

How to Implement Secure Socket Layer
DETAILED STEPS
Command or Action
Step 1
crypto key generate rsa [usage-keys |
general-keys] [ keypair-label ]
Example:
RP/0/RP0/CPU0:router# crypto key generate rsa
general-keys
The name for the keys will be: the_default
% You already have keys defined for the_default
Do you really want to replace them? [yes/no]:
Step 2
configure
Example:
RP/0/RP0/CPU0:router# configure
Step 3
domain ipv4 host host-name v4address1
[
v4address2...v4address8
Example:
RP/0/RP0/CPU0:router(config)# domain ipv4 host
ultra5 192.168.7.18
Step 4
crypto ca trustpoint ca-name
Example:
RP/0/RP0/CPU0:router(config)# crypto ca
trustpoint myca
Step 5
enrollment url CA-URL
Example:
RP/0/RP0/CPU0:router(config-trustp)# enrollment
url
http://ca.domain.com/certsrv/mscep/mscep.dll
Cisco IOS XR System Security Configuration Guide
SC-162
]
[unicast | multicast]
Implementing Secure Socket Layer on Cisco IOS XR Software
Purpose
Generates RSA key pairs.
RSA key pairs are used to sign and encrypt Internet Key
•
Exchange (IKE) key management messages and are
required before you can obtain a certificate for your
router.
Use the usage-keys keyword to specify special usage
•
keys; use the general-keys keyword to specify
general-purpose RSA keys.
• The keypair-label argument is the RSA key pair label
that names the RSA key pairs.
To generate DSA key pairs, use the cypto key generate
•
dsa command in EXEC mode.
Enters global configuration mode.
Defines a static hostname-to-address mapping in the host
cache using IPv4.
To define a static hostname-to-address mapping in the
•
host cache using IPv6, use the domain ipv6 host
hostname v6address1 [v6address2...v6address8]
[unicast | multicast] command.
Configures a trusted point with a selected name so that your
router can verify certificates issued to peers.
Enters trustpoint configuration mode.
•
Specifies the URL of the CA.
• The URL should include any nonstandard cgi-bin script
location.