Enterasys Networks XSR CLI Benutzerhandbuch
PKI commands
14-84 Configuring the VPN
•
•
•
•
•
•
•
•
•
PKI commands
The following commands configure Public Key Infrastructure (PKI) on the XSR.
CA Identity Mode Commands
crypto ca identity
This command declares the Certificate Authority (CA) the XSR should use and identifies CAs
which may be required as part of the CA chain for the router or a peer IPSec client. If you
previously declared the CA and just want to update its characteristics, specify the name you
previously created. In some cases, the CA might require a particular CA name, such as its domain
name.
which may be required as part of the CA chain for the router or a peer IPSec client. If you
previously declared the CA and just want to update its characteristics, specify the name you
previously created. In some cases, the CA might require a particular CA name, such as its domain
name.
Performing this command acquires CA Identity mode, where you can specify CA characteristics
with the following sub‐commands:
with the following sub‐commands:
•
crl frequency
‐ Specifies the interval between Certificate Revocation List (CRL) retrievals
for the
command definition.
•
enrollment http-proxy
for the command definition.
•
enrollment retry count
‐ Specifies how many certificate enrollment polls
the XSR
will
send before giving up. It is defaulted. Refer to
•
enrollment retry period
‐ Specifies an interval that the XSR should wait between sending
certificate request retries. It is defaulted. Refer to
•
enrollment url
for
the command definition.
Syntax
crypto ca identity name
Note: AAA commands are described in Chapter 13: Configuring Security.