Pki commands, Ca identity mode commands, Pki commands -84 ca identity mode commands -84 – Enterasys Networks X-Pedition XSR CLI User Manual
Page 538: Ca identity mode commands crypto ca identity
PKI commands
14-84 Configuring the VPN
•
•
“Crypto Transform Mode Commands”
•
•
•
•
•
“Tunnel Clear and Show Commands”
•
“Additional Tunnel Termination Commands”
•
PKI commands
The following commands configure Public Key Infrastructure (PKI) on the XSR.
CA Identity Mode Commands
crypto ca identity
This command declares the Certificate Authority (CA) the XSR should use and identifies CAs
which may be required as part of the CA chain for the router or a peer IPSec client. If you
previously declared the CA and just want to update its characteristics, specify the name you
previously created. In some cases, the CA might require a particular CA name, such as its domain
name.
Performing this command acquires CA Identity mode, where you can specify CA characteristics
with the following sub‐commands:
•
crl frequency
‐ Specifies the interval between Certificate Revocation List (CRL) retrievals
and other maintenance that may be performed periodically. Refer to
for the
command definition.
•
enrollment http-proxy
‐ Specifies the local HTTP proxy server. It is optional. Refer to
•
enrollment retry count
‐ Specifies how many certificate enrollment polls
the XSR
will
send before giving up. It is defaulted. Refer to
•
enrollment retry period
‐ Specifies an interval that the XSR should wait between sending
certificate request retries. It is defaulted. Refer to
for the command definition.
•
enrollment url
‐ Specifies the URL of the CA and is always required. Refer to
the command definition.
Syntax
crypto ca identity name
Note: AAA commands are described in Chapter 13: Configuring Security.