Cisco Systems 2.5 Network Router User Manual


Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
Chapter 20 Certificate Authority Server
Create CA Server
Enrollment-Request—Open certificate requests existing in the enrollment
database, but not including requests received through SCEP. Lifetime is
entered in hours, in the range 1–1000. If no value is entered, an open
enrollment request expires after 168 hours (one week).
CA Server Wizard: RSA Keys
The CA server uses public and private RSA keys to encrypt data and to sign
certificates. SDM automatically generates a new key pair and gives it the name of
the CA server. You can change the key modulus and type, and you can make the
key exportable. You must enter a passphrase to use when restoring the CA server.
Label
This field is read-only. SDM uses the name of the CA server as the name of the
key pair.
Modulus
Enter the key modulus value. If you want a modulus value between 512 and 1024,
enter an integer value that is a multiple of 64. If you want a value higher than
1024, you can enter 1536 or 2048. If you enter a value greater than 512, key
generation may take a minute or longer.
The modulus determines the size of the key. The larger the modulus, the more
secure the key, but keys with a large modulus take longer to generate, and
encryption/decryption operations take longer with larger keys.
Type
By default, Cisco SDM creates a general purpose key pair that is used for both
encryption and signature. If you want Cisco SDM to generate separate key pairs
for encrypting and signing documents, choose Usage Keys. Cisco SDM will
generate usage keys for encryption and signature.
Key is exportable
Check Key is exportable if you want the CA server key to be exportable.