User`s guide
XSR User’s Guide 267
Chapter 11 VPN Configuration Overview
Configuring the Virtual Private Network
Fingerprint: D423E129 81904CE0 1E6D0FE0 A123A302
Certificate Size: 1157 bytes
RA KeyEncipher Certificate - PKItestca1-rae
State: CA-AUTHENTICATED
Version: V3
Serial Number: 458128935273366930063530
Issuer: MAILTO=foo@foo.com, C=US, ST=MA, L=Andover,
O=VPN Eng, OU=Eng, CN=PKI Test Certificate Authority
Valid From: 2002 Jul 24th, 20:45:14 GMT
Valid To: 2003 Jul 24th, 20:55:14 GMT
Subject: MAILTO=SCEP, C=US, ST=MA, L=Andover,
O=Enterasys Networks, OU=Eng, CN=Scep
Fingerprint: F1279D63 AFFC3D93 48E5F311 73A1D16F
Certificate Size: 1695 bytes
RA Signature Certificate - PKItestca1-ras
State: CA-AUTHENTICATED
Version: V3
Serial Number: 458128729515158954573993
Issuer: MAILTO=foo@foo.com, C=US, ST=MA, L=Andover,
O=VPN Eng, OU=Eng, CN=PKI Test Certificate Authority
Valid From: 2002 Jul 24th, 20:45:13 GMT
Valid To: 2003 Jul 24th, 20:55:13 GMT
Subject: MAILTO=SCEP, C=US, ST=MA, L=Andover,
O=Enterasys Networks, OU=Eng, CN=Scep
Fingerprint: 91EB5A77 B5CA535A 077B65C5 65035615
Certificate Size: 1695 bytes
5 Set the CRL retrieval rate and download the latest CRL (optional).
XSR(config)#crl frequency 12
XSR(config)#crypto ca crl request PKItestca1
6 Add a static host to store IP addresses for use by the CRL mechanism.
XSR(config)#ip host CRLrepository 223.125.57.88
7 Enroll in an end-entity certificate from a CA for which you have previously
authenticated; e.g.,
PKItestca1.
The script will prompt you to enter and re-enter a challenge password
you create or is given to you by your CA administrator.