Enterasys Networks X-Pedition XSR CLI User Manual

CA Identity Mode Commands

XSR CLI Reference Guide 14-89

Syntax

crypto ca enroll name

Syntax of the “no” Form

The no form of this command cancels a current enrollment request:

no crypto ca enroll name

Mode

Global configuration: 

XSR(config)#

Sample Output

The following script displays when you invoke the

crypto ca enroll

command. Note that you 

are prompted to enter your password and whether to proceed.

XSR(config)#crypto ca enroll ACMEca
%
% Start certificate enrollment
% Create a challenge password. You will need to verbally provide this password to
the CA Administrator in order to revoke your certificate.
For security reasons your password will not be saved in the configuration.
Please make a note of it.
Password:****
Re-enter password:****

Include the router serial number in the subject name (y/n) ? y
The serial number in the certificate will be: 3526015000250142
Request certificate from CA (y/n) ? y
You may experience a short delay while RSA keys are generated.
Once key generation is complete, the certificate request
will be sent to the Certificate Authority.
Use 'show crypto ca certificate' to show the fingerprint.
<186>Aug 29 7:11:1 192.168.1.33 PKI: A certificate was successfully
received from the CA.

Caution: We recommend that you do not enroll more certificates than permitted by the 1.5 MByte
system limit imposed on the cert.dat Flash file. Doing so may destabilize the XSR and require
you to delete the file.

name

Name of the CA. Use the same name as when you declared the CA with 
the 

crypto ca identity

 command.