Software Authentication Manager Commands on Cisco IOS XR Software

This chapter describes the Cisco IOS XR software commands used to configure Software Authentication Manager (SAM). For detailed information about SAM concepts, configuration tasks, and examples, see the Configuring Software Authentication Manager on Cisco IOS XR Software configuration module.

sam add certificate

To add a new certificate to the certificate table, use the sam add certificate command in EXEC mode.

    sam add certificate filepath location {trust | untrust}

Syntax Description

    filepath    Absolute path to the source location of the certificate.
    location    Storage site of the certificate. Use one of the following: root, mem, disk0, disk1, or other flash device on router.

requires user authentication. Another example is acquiring the certificate from a person or entity that you can verify, such as by checking the identification badge for a person. If you bypass the validation protection offered by the SAM, you must verify the identity and integrity of the certificate by some other valid process.

Certificates added to the memory (mem) location validate software installed in memory.

sam delete certificate

To delete a certificate from the certificate table, use the sam delete certificate command in EXEC mode.

    sam delete certificate location certificate-index

Syntax Description

    location             Storage site of the certificate. Use one of the following: root, mem, disk0, disk1, or other flash device on router.
    certificate-index    Number in the range from 1 to 65000.

The following example shows how to cancel the deletion of the certificate identified by the index number 1 from the root location:

    RP/0/RP0/CPU0:router# sam delete certificate root 1
    Do you really want to delete the root CA certificate (Y/N): N
    SAM: Delete certificate (index 1) canceled

The following example shows how to delete the certificate identified by the index number 1 from the root location:

    RP/0/RP0/CPU0:rout

sam prompt-interval

To set the interval that the Software Authentication Manager (SAM) waits after prompting the user for input when it detects an abnormal condition at boot time and to determine how the SAM responds when it does not receive user input within the specified interval, use the sam prompt-interval command in global configuration mode.

The following message appears when the software detects the abnormal condition of an expired Code Signing Server (CSS) certificate:

    SAM detects CA certificate (Code Signing Server Certificate Authority) has expired. The validity period is Oct 17, 2000 01:46:24 UTC - Oct 17, 2015 01:51:47 UTC.

sam verify

To use the Message Digest 5 (MD5) hash algorithm to verify the integrity of the software component on a flash memory card and ensure that it has not been tampered with during transit, use the sam verify command in EXEC mode.

    sam verify {location | file-system} {MD5 | SHA [digest]}

Syntax Description

    location    Name of the flash memory card slot, either disk0 or disk1.

If the message digest matches the message digest generated by the sam verify command, the software component is valid.

Note: You should calculate the hash code on the contents of the flash memory code at the destination networking device using a different set of files from the one loaded on the flash memory card.

Examples

show sam certificate

To display records in the certificate table, use the show sam certificate command in EXEC mode.

    show sam certificate {detail location certificate-index | summary {all | location}}

Syntax Description

    detail      Displays all the attributes for the selected table entry (specified by the certificate-index argument).
    location    Specifies the certificates stored in a specific location.

Examples

The following sample output is from the show sam certificate summary all command.

The following sample output from the show sam certificate command shows how to display particular SAM details:

    RP/0/RP0/CPU0:router# show sam certificate detail mem 1

    -----------------------------------------------------------
    Certificate Location :mem
    Certificate Index    :1
    Certificate Flag     :VALIDATED
    ----------------------- CERTIFICATE -----------------------
    Serial Number :01:27:FE:79:00:00:00:00:00:05
    Subject Name  : cn

Table 17 describes the significant fields shown in the display.

Table 17  show sam certificate detail mem 1 Field Descriptions

    Field                   Description
    Certificate Location    Location of the certificate; one of the following: root, mem, disk0, or disk1.
    Certificate Index       Index number that the SAM automatically assigns to the certificate.
    Certificate Flag        One of the following: TRUSTED, VALIDATED, EXPIRED, or REVOKED.
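
An added example, not part of the Cisco reference: a Python script that reads saved output of show sam certificate detail or show sam package and reports a Certificate Flag of EXPIRED or REVOKED, a Validity End that has passed, and an MD5-based Issuing Algorithm. The sample text is constructed, and the script assumes each field sits on one line as Name :value, as in the sample output on this page.

```python
import re
from datetime import datetime, timezone

# Constructed sample in the "Name :value" layout of the page's sample output;
# the values are made up for illustration, not captured from a router.
SAMPLE = """\
Certificate Location :mem
Certificate Index :1
Certificate Flag :EXPIRED
Serial Number :00:11:22:33:44:55
Validity Start :[UTC] Tue Oct 9 23:14:28 2001
Validity End :[UTC] Tue Apr 9 23:24:28 2002
Issuing Algorithm:MD5withRSA
"""

FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)\s*:(.*)$")
BAD_FLAGS = {"EXPIRED", "REVOKED"}   # flag values listed in Table 17


def parse_fields(text):
    """Return {field name: value} for every 'Name :value' line."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def audit(text, now=None):
    """Return a list of findings for one certificate record."""
    now = now or datetime.now(timezone.utc)
    f = parse_fields(text)
    findings = []
    if f.get("Certificate Flag") in BAD_FLAGS:
        findings.append("flag:" + f["Certificate Flag"])
    end = f.get("Validity End", "")
    if end.startswith("[UTC]"):
        # Weekday name is dropped; only month, day, time and year are parsed.
        stamp = " ".join(end[5:].split()[1:])
        expiry = datetime.strptime(stamp, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)
        if expiry <= now:
            findings.append("validity-ended:" + expiry.date().isoformat())
    if "MD5" in f.get("Issuing Algorithm", "").upper():
        findings.append("weak-signature:" + f["Issuing Algorithm"])
    return findings
```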

show sam crl

To display the records in the certificate revocation list (CRL) table, use the show sam crl command in EXEC mode.

    show sam crl {summary | detail crl-index}

Syntax Description

    summary      Displays selected attributes for all entries in the table.
    detail       Displays all the attributes for the selected table entry (specified by the crl-index argument).
    crl-index    Index number for the entry, in the range from 1 to 65000.

Table 18 describes the significant fields shown in the display.

Table 18  show sam crl summary Field Descriptions

    Field                   Description
    CRL Index               Index number for the entry, in the range from 1 to 65000. The index is kept in the certificate revocation list table.
    Issuer                  Certificate authority (CA) that issued this CRL.
    Including updates of    Versions of CRLs from this CA that are included in the CRL table.

show sam log

To display the contents of the Software Authentication Manager (SAM) log file, use the show sam log command in EXEC mode.

    show sam log [lines-number]

Syntax Description

    lines-number

Defaults

The show sam log command without a lines-number argument displays all the lines in the log file.

Command Modes

EXEC

Command History

    Release        Modification
    Release 2.0    This command was introduced on the Cisco CRS-1.

show sam package

To display information about the certificate used to authenticate the software for a particular package installed on the networking device, use the show sam package command in EXEC mode.

    show sam package package-name

Syntax Description

    package-name

Defaults

No default behavior or values

Command Modes

EXEC

Command History

    Release        Modification
    Release 2.

    Validity Start :[UTC] Tue Oct 9 23:14:28 2001
    Validity End   :[UTC] Wed Apr 9 23:24:28 2002
    CRL Distribution Point
      file://\\CodeSignServer\CertEnroll\Code%20Signing%20Server%20Certificate%20Authority.crl
    Version 3 certificate
    Issuing Algorithm:MD5withRSA
    Public Key BER (294 bytes):
    30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 [0.."0...*.H.....]
    01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 [........0.......

Table 20  show sam package Field Descriptions (continued)

    Field                Description
    Issued By            Name of the entity that issued the certificate.
    Version              X.509 version of the certificate. The version can be 1 (X.509v1), 2 (X.509v2), or 3 (X.509v3).
    Issuing Algorithm    Hash and public key algorithm that the issuer uses to sign the certificate.
    Public Key           Subject public key for the certificate.

Related Commands

show sam sysinfo

To display current configuration settings for the Software Authentication Manager (SAM), use the show sam sysinfo command in EXEC mode.

    show sam sysinfo

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values

Command Modes

EXEC

Command History

    Release        Modification
    Release 2.0    This command was introduced on the Cisco CRS-1.
    Release 3.0    No modification.

Table 21  show sam sysinfo Field Descriptions

    Field     Description
    Status    One of the following: running or not running. If the SAM is not running, the System Manager should detect that state and attempt to restart the SAM. If problems prevent the System Manager from restarting the SAM after a predefined number of repeated attempts, the SAM will not be restarted.

Cisco IOS XR System Security Command Reference