Crl frequency – Enterasys Networks X-Pedition XSR CLI User Manual

CA Identity Mode Commands

XSR CLI Reference Guide 14-85

Syntax of the “no” Form

Use the no form  to delete all identity information and certificates associated with the CA:

no crypto ca identity name

Mode

Global configuration: 

XSR(config)#

Next Mode

Certificate Authority Identity configuration: 

XSR(ca-identity)#

Examples

The following example declares and identifies characteristics of the CA. In this example, the name 
ACMEca is created for the CA, which is located at 

http://ca_server

.. This is the minimum  

configuration required to declare a CA.

XSR(config)#crypto ca identity ACMEca
XSR(ca-identity)#enrollment url http://ca_server

The following example sets a nonstandard retry period and count, and permits the router to 
accept certificates when CRLs are not obtainable.

XSR(config)#crypto ca identity ACMEca
XSR(ca-identity)#enrollment url http://AAA_ca/coldstorage/scripts.exe
XSR(ca-identity)#query url ldap://serverx
XSR(ca-identity)#enrollment retry period 20
XSR(ca-identity)#enrollment retry count 100

In the example above, if the XSR does not get a certificate back from the CA within 20 minutes of 
sending a certificate request, it will resend the request. The XSR will repeat certificate requests 
every retry period until until 100 requests have been sent. If the CA is not available at the specified 
location, obtain the URL from your CA administrator.

crl frequency

The command specifies the interval between Certificate Revocation List (CRL) retrievals.

Syntax

crl frequency number

Syntax of the “no” Form

The no form of this command resets the value to the default:

no crl frequency

name

Name for the CA.

numbers

Interval between retries, ranging from 1 to 1440 minutes.