Technical information

9
Note The SSH server must be enabled before you can manage a router using certain CWI features. These features include the SSH application, setting character displays in the Rack View application, and viewing committed configuration changes using the Configuration Change dialog box. See the Cisco IOS XR System Security Configuration Guide for information on enabling the SSH server.
Note If you are connecting through a firewall in your network, the ports listed in Table 1 must be open before setting up the required Management Services. See your firewall documentation for information on opening the ports. See the “Network Considerations” section on page 3 for information on firewalls in a network.
Note You must have the Cisco IOS XR Security Package installed before attempting to complete the steps in this section. See the “Router Prerequisites” section on page 7.
Note CWI does not support receiving notifications in CORBA SSL mode.
Setting Up the Certificates
Note The CA and router certificates have to be set up only once on a router. If the certificates have been set up, proceed to the “Enabling the Secure HTTP Server and XML Agent” section on page 10.
To set up the certificates, perform the following steps:
Step 1 Establish a Telnet/SSH session with the router.
Step 2 Generate a Rivest, Shamir, and Adleman (RSA) key pair. Accept all prompted defaults.
RP/0/RP0/CPU0:router# crypto key generate rsa keypair-label
Note If the key pair label is not specified, “the_default” will be used.
The following example is shown:
RP/0/RP0/CPU0:router# crypto key generate rsa key1
Step 3 Enter configuration mode.
RP/0/RP0/CPU0:router# configure
Step 4 Configure the CA trustpoint.
RP/0/RP0/CPU0:router(config)# crypto ca trustpoint ca-name
RP/0/RP0/CPU0:router(config-trustp)# enrollment url ca-URL
RP/0/RP0/CPU0:router(config-trustp)# rsakeypair keypair-label
(This command must be completed if a keypair label is specified in Step 2.)
RP/0/RP0/CPU0:router(config-trustp)# exit
RP/0/RP0/CPU0:router(config)# commit
The following example is shown:
RP/0/RP0/CPU0:router(config)# crypto ca trustpoint myca
RP/0/RP0/CPU0:router(config-trustp)# enrollment url http://myca/mydomain.com
RP/0/RP0/CPU0:router(config-trustp)# rsakeypair keypair-label
RP/0/RP0/CPU0:router(config-trustp)# exit
RP/0/RP0/CPU0:router(config)# commit
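The following session is an added example, not taken from the guide. It carries Steps 1 through 4 through with one consistent key pair label, so the label given to crypto key generate rsa in Step 2 is the same one referenced by rsakeypair in Step 4, and finishes with two show commands that confirm the key pair and the trustpoint's certificate state before moving on to the next section. The label cwi-key, the trustpoint name cwi-ca and the enrollment URL are placeholders chosen for this example.

```cisco
! Added example: Steps 1-4 with one consistent key pair label, then verification.
! Placeholders (not from the guide): key pair label cwi-key, trustpoint cwi-ca,
! enrollment URL http://ca.example.com. Accept the defaults at the prompts that
! crypto key generate rsa displays, as Step 2 instructs.
RP/0/RP0/CPU0:router# crypto key generate rsa cwi-key
RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# crypto ca trustpoint cwi-ca
RP/0/RP0/CPU0:router(config-trustp)# enrollment url http://ca.example.com
! rsakeypair is required here because a label was given in the generate step;
! without it the trustpoint would look for the key pair named the_default.
RP/0/RP0/CPU0:router(config-trustp)# rsakeypair cwi-key
RP/0/RP0/CPU0:router(config-trustp)# exit
RP/0/RP0/CPU0:router(config)# commit
RP/0/RP0/CPU0:router(config)# end
! Confirm the key pair exists under the expected label before continuing.
RP/0/RP0/CPU0:router# show crypto key mypubkey rsa
! Lists certificates associated with configured trustpoints; check that cwi-ca
! appears here once the CA and router certificates have been obtained.
RP/0/RP0/CPU0:router# show crypto ca certificates
```

If show crypto key mypubkey rsa does not list the label you passed to rsakeypair, the trustpoint is bound to a key pair that does not exist; fix that mismatch before proceeding to the “Enabling the Secure HTTP Server and XML Agent” section, because the HTTP server and XML agent depend on this trustpoint.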