Cisco Systems CRS-1 Series Network Router User Manual


 
Note You must have the Crypto pie installed before attempting to complete the steps in this section. See the “Router
Prerequisites” section on page 6.
Setting Up the Certificates
Note The CA and router certificates have to be set up only once on a router. If the certificates have been set up, proceed to
the “Enabling the Secure HTTP Server and CORBA Agent” section on page 10.
To set up the certificates, perform the following steps:
Step 1 Establish a Telnet/SSH session with the router.
Step 2 Generate a Rivest, Shamir, and Adleman (RSA) key pair. Accept all prompted defaults.
RP/0/RP0/CPU0:router# crypto key generate rsa keypair-label
Note If the key pair label is not specified, “the_default” will be used.
Example:
RP/0/RP0/CPU0:router# crypto key generate rsa key1
Step 3 Enter configuration mode.
RP/0/RP0/CPU0:router# configure terminal
Step 4 Configure the CA trustpoint.
RP/0/RP0/CPU0:router(config)# crypto ca trustpoint ca-name
RP/0/RP0/CPU0:router(config-trustp)# enrollment url ca-URL
RP/0/RP0/CPU0:router(config-trustp)# rsakeypair keypair-label
Note The rsakeypair command must be completed if a keypair label is specified in Step 2.
RP/0/RP0/CPU0:router(config-trustp)# exit
RP/0/RP0/CPU0:router(config)# commit
Example:
RP/0/RP0/CPU0:router(config)# crypto ca trustpoint myca
RP/0/RP0/CPU0:router(config-trustp)# enrollment url http://myca/mydomain.com
RP/0/RP0/CPU0:router(config-trustp)# rsakeypair key1
RP/0/RP0/CPU0:router(config-trustp)# exit
RP/0/RP0/CPU0:router(config)# commit
Step 5 Exit configuration mode.
RP/0/RP0/CPU0:router(config)# exit
Step 6 Authenticate the CA by getting the certificate for the CA.
RP/0/RP0/CPU0:router# crypto ca authentication ca-name
Step 7 Obtain a router certificate from the CA.
RP/0/RP0/CPU0:router# crypto ca enroll ca-name
Step 8 Verify that the router was granted a certificate. This command displays information about the router certificate and the
CA certificate.
RP/0/RP0/CPU0:router# show crypto ca certificate
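The following is an added example, not part of the Cisco manual: an offline check that each trustpoint from Step 4 names a key pair that was actually generated in Step 2, falling back to "the_default" when no rsakeypair line is present. It assumes the saved configuration lists trustpoint sub-commands indented under the "crypto ca trustpoint" line and closes the block with "!"; the function names and the sample configuration are constructed for illustration.

```python
import re

DEFAULT_LABEL = "the_default"  # label the manual says is used when none is given

def parse_trustpoints(config_text):
    """Return {trustpoint name: {"enrollment_url": ..., "rsakeypair": ...}}."""
    trustpoints, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"crypto ca trustpoint (\S+)$", line)
        if m:
            current = trustpoints.setdefault(
                m.group(1), {"enrollment_url": None, "rsakeypair": None})
        elif current is not None and raw[:1].isspace():
            key, _, value = line.partition(" ")
            if key == "enrollment" and value.startswith("url "):
                current["enrollment_url"] = value[4:].strip()
            elif key == "rsakeypair":
                current["rsakeypair"] = value.strip() or None
        else:
            current = None  # "!" or any unindented line closes the block
    return trustpoints

def audit(config_text, generated_labels):
    """Compare each trustpoint with the key labels generated in Step 2."""
    findings = []
    for name, tp in parse_trustpoints(config_text).items():
        if tp["enrollment_url"] is None:
            findings.append((name, "no enrollment url configured"))
        label = tp["rsakeypair"] or DEFAULT_LABEL
        if label not in generated_labels:
            findings.append((name, f"key pair '{label}' was not generated"))
    return findings

# Constructed sample configuration (assumed layout, not captured from a device).
SAMPLE = """\
crypto ca trustpoint myca
 enrollment url http://myca/mydomain.com
 rsakeypair key1
!
crypto ca trustpoint labca
 enrollment url http://labca.example/
!
crypto ca trustpoint oldca
 rsakeypair key9
!
"""

if __name__ == "__main__":
    for name, problem in audit(SAMPLE, {"key1"}):
        print(f"{name}: {problem}")
```

Pass the set of labels used with "crypto key generate rsa" as generated_labels; an empty result means every trustpoint has an enrollment URL and refers to an existing key pair.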