Support User Manuals

Enterasys Networks XSR CLI Router User Manual

Open as PDF

of 684

CA Identity Mode Commands

XSR CLI Reference Guide 14-85

Syntax of the “no” Form

UsethenoformtodeleteallidentityinformationandcertificatesassociatedwiththeCA:

no crypto ca identity name

Mode

Globalconfiguration:XSR(config)#

Next Mode

CertificateAuthorityIdentityconfiguration:XSR(ca-identity)#

Examples

ThefollowingexampledeclaresandidentifiescharacteristicsoftheCA.Inthisexample,thename

ACMEcaiscreatedfortheCA,whichislocatedat

http://ca_server..Thisistheminimum

configurationrequiredtodeclareaCA.

XSR(config)#crypto ca identity ACMEca

XSR(ca-identity)#enrollment url http://ca_server

Thefollowingexamplesetsanonstandardretryperiodandcount,andpermitstherouterto

acceptcertificateswhenCRLsarenotobtainable.

XSR(config)#crypto ca identity ACMEca

XSR(ca-identity)#enrollment url http://AAA_ca/coldstorage/scripts.exe

XSR(ca-identity)#query url ldap://serverx

XSR(ca-identity)#enrollment retry period 20

XSR(ca-identity)#enrollment retry count 100

Intheexampleabove,iftheXSRdoesnotgetacertificatebackfromtheCAwithin20minutesof

sendingacertificaterequest,itwillresendtherequest.TheXSRwillrepeatcertificaterequests

everyretryperioduntiluntil100requestshavebeensent.IftheCAisnotavailable

atthespecified

location,obtaintheURLfromyourCAadministrator.

crl frequency

ThecommandspecifiestheintervalbetweenCertificateRevocationList(CRL)retrievals.

Syntax

crl frequency number

Syntax of the “no” Form

Thenoformofthiscommandresetsthevaluetothedefault:

no crl frequency

name

NamefortheCA.

numbers

Intervalbetweenretries,rangingfrom1to1440minutes.

previous next