User's guide

XSR User's Guide
VPN Configuration Overview Chapter 11
Configuring the Virtual Private Network
Remember that if you create a password, save it so it can be used later in
case you need to revoke the certificate. Respond yes to all questions, and jot
down the certificate serial number for comparison purposes.
XSR(config)#crypto ca enroll PKItestca1
%
% Start certificate enrollment
% Create a challenge password. You will need to verbally
provide this password to the CA Administrator in order to
revoke your certificate.
For security reasons your password will not be saved in the
configuration.
Please make a note of it.
Password:****
Re-enter password:****
Include the router serial number in the subject name (y/n) ? y
The serial number in the certificate will be: 3526015000250142
Request certificate from CA (y/n) ? y
You may experience a short delay while RSA keys are generated.
Once key generation is complete, the certificate request
will be sent to the Certificate Authority.
Use 'show crypto ca certificate' to show the fingerprint.
<186>Aug 29 7:11:1 192.168.1.33 PKI: A certificate was successfully
received from the CA.
8 Once the certificate is properly enrolled, issue the show crypto ca
certificates command to display the end-entity and other certificates.
The first certificate shown, identified as being in the ENTITY-ACTIVE state,
is the end-entity certificate. Compare the Subject ID to the serial number
displayed earlier by the enrollment script to verify its authenticity.
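The comparison in step 8 can be scripted against captured CLI output. The following is an added example, not part of the XSR guide or the product: it parses a certificate listing, selects the ENTITY-ACTIVE entry, and checks that its subject carries the router serial number noted at enrollment. The function names are hypothetical, and the "Subject: SN=..." line in the sample is a constructed assumption, since the guide's listing does not show that field.

```python
import re

# Constructed sample of 'show crypto ca certificates' output. The first lines
# follow the guide's listing; the "Subject:" line and its SN= form are an
# assumption made for this example.
SAMPLE = """\
Certificate - issued by PKItestca1
State: ENTITY-ACTIVE
Version: V3
Serial Number: 75289387826578118934757
Issuer: MAILTO=foo@foo.com, C=US, ST=MA, L=Andover,
O=VPN Engineering, OU=Engineering, CN=PKI Test Certificate Authority
Valid From: 2002 Aug 29th, 15:51:58 GMT
Subject: SN=3526015000250142
"""

FIELD = re.compile(r"^([A-Z][A-Za-z ]*?):\s*(.*)$")  # "Name: value" lines

def parse_certificates(text):
    """Split the listing into one dict per certificate, joining wrapped lines."""
    certs, last = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Certificate - issued by"):
            certs.append({"Issued By": line.split("issued by", 1)[1].strip()})
            last = None
        elif certs and (m := FIELD.match(line)):
            last = m.group(1)
            certs[-1][last] = m.group(2)
        elif certs and last and line:
            certs[-1][last] += " " + line  # continuation of a wrapped value
    return certs

def check_enrollment(text, router_serial):
    """Return (ok, reason) for the ENTITY-ACTIVE certificate in the listing."""
    active = [c for c in parse_certificates(text) if c.get("State") == "ENTITY-ACTIVE"]
    if len(active) != 1:
        return False, f"expected one ENTITY-ACTIVE certificate, found {len(active)}"
    subject = " ".join(v for k, v in active[0].items() if k.startswith("Subject"))
    # Whole-number match so a longer digit string cannot pass by containing it.
    if re.search(rf"(?<!\d){re.escape(router_serial)}(?!\d)", subject):
        return True, "subject carries the router serial number"
    return False, "router serial number not found in subject"
```

Only fields whose name begins with "Subject" are searched, so the certificate's own Serial Number value cannot satisfy the check by accident.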
XSR#show crypto ca certificates
Certificate - issued by PKItestca1
State: ENTITY-ACTIVE
Version: V3
Serial Number: 75289387826578118934757
Issuer: MAILTO=foo@foo.com, C=US, ST=MA, L=Andover,
O=VPN Engineering, OU=Engineering, CN=PKI Test Certificate Authority
Valid From: 2002 Aug 29th, 15:51:58 GMT