PKI commands
14-84 Configuring the VPN
• “Crypto Map Mode Commands” on page 14‐110.
• “Crypto Transform Mode Commands” on page 14‐115.
• “Crypto Show Commands” on page 14‐118.
• “Interface CLI Commands” on page 14‐121.
• “Interface VPN Commands” on page 14‐122.
• “Tunnel Commands” on page 14‐127.
• “Tunnel Clear and Show Commands” on page 14‐132.
• “Additional Tunnel Termination Commands” on page 14‐134.
• “DF Bit Commands” on page 14‐137.
PKI commands
The following commands configure Public Key Infrastructure (PKI) on the XSR.
CA Identity Mode Commands
crypto ca identity
This command declares the Certificate Authority (CA) the XSR should use and identifies CAs which may be required as part of the CA chain for the router or a peer IPSec client. If you previously declared the CA and just want to update its characteristics, specify the name you previously created.
In some cases, the CA might require a particular CA name, such as its domain name.
Performing this command acquires CA Identity mode, where you can specify CA characteristics with the following sub‐commands:
• crl frequency ‐ Specifies the interval between Certificate Revocation List (CRL) retrievals and other maintenance that may be performed periodically. Refer to page 14‐85 for the command definition.
• enrollment http-proxy ‐ Specifies the local HTTP proxy server. It is optional. Refer to page 14‐86 for the command definition.
• enrollment retry count ‐ Specifies how many certificate enrollment polls the XSR will send before giving up. It is defaulted. Refer to page 14‐86 for the command definition.
• enrollment retry period ‐ Specifies an interval that the XSR should wait between sending certificate request retries. It is defaulted. Refer to page 14‐87 for the command definition.
• enrollment url ‐ Specifies the URL of the CA and is always required. Refer to page 14‐88 for the command definition.
Syntax
crypto ca identity name
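The sub-command list above can be turned into a configuration check. The following Python sketch is an added example, not code from the XSR documentation: it reads a saved configuration, collects each crypto ca identity block, and reports any CA that lacks the required enrollment url or leaves other sub-commands unset. It assumes that sub-commands follow their crypto ca identity line until any other command appears; the sample configuration, its argument forms and all values in it are constructed.

```python
SUBCOMMANDS = {  # status of each sub-command as stated on this page
    "crl frequency": "no default stated",
    "enrollment http-proxy": "optional",
    "enrollment retry count": "defaulted",
    "enrollment retry period": "defaulted",
    "enrollment url": "required",
}
PREFIX = "crypto ca identity "
# Constructed sample; argument forms and values are assumptions.
SAMPLE_CONFIG = """\
crypto ca identity ca-hq
 enrollment url http://ca.example.test/enroll
 crl frequency 60
 enrollment retry count 5
 enrollment retry period 10
crypto ca identity ca-branch
 enrollment http-proxy 192.0.2.10
hostname lab-router
crypto ca identity ca-hq
 enrollment retry count 3
"""

def parse_identities(text):
    """Return {ca_name: {sub_command: argument}}; re-declaring a name updates it."""
    identities, current = {}, None
    for raw in text.splitlines():
        line = " ".join(raw.split())  # normalise indentation and spacing
        if not line:
            continue
        if line.startswith(PREFIX):
            current = identities.setdefault(line[len(PREFIX):], {})
            continue
        key = next((k for k in SUBCOMMANDS
                    if line == k or line.startswith(k + " ")), None)
        if key is None or current is None:
            current = None  # any other command leaves CA Identity mode
        else:
            current[key] = line[len(key):].strip()
    return identities

def audit(text):
    """Return (ca_name, severity, message) for every unset non-optional sub-command."""
    findings = []
    for name, subs in parse_identities(text).items():
        for key, status in SUBCOMMANDS.items():
            if subs.get(key) or status == "optional":
                continue
            severity = "error" if status == "required" else "info"
            findings.append((name, severity, f"'{key}' ({status}) not set"))
    return findings
```

Calling audit(SAMPLE_CONFIG) flags ca-branch for the missing enrollment url, while ca-hq passes because its second declaration only updates the retry count.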
Note: AAA commands are described in Chapter 13: Configuring Security.