Enterasys Networks Security Router X-Pedition™ User Manual

Interoperability Profile for the XSR

14-50 Configuring the Virtual Private Network

1. Begin by asking your CA administrator for your CA name and URL. The CA’s URL defines its
IP address, path and default port (80). You can resolve the CA server address manually by
pinging its IP address.

2. Be sure that the XSR time setting is correct relative to UTC so that it is
synchronized with the CA’s time. For example:

XSR#clock timezone -7 0

3. Specify the enrollment URL, authenticate the CA and retrieve the root certificate. To verify
that the CA is not a fake, check your CA Web site to ensure that the fingerprint printed by the
XSR matches the CA's own fingerprint, obtained from the CA itself. If the certificate is bona
fide, accept it; if not, make sure the certificate is deleted and not stored in the CA database.
In certain situations you may need to specify a particular CA identity name. Consult your
administrator for more information.

XSR(config)#crypto ca identity hightest
XSR(config-ca-identity)#enrollment url http://192.168.1.33/certsrv/mscep/mscep.dll/
XSR(config-ca-identity)#exit
XSR(config)#crypto ca authenticate PKItestca1

Certificate has the following attributes:
Fingerprint: D423E129 81904CE0 1E6D0FE0 A123A302
Do you accept this certificate? [yes/no] y

4. Display your CA certificates to verify all root and associated certificates are present. In the RA
Mode example below, Hightest is the root CA of three certificates. Non-RA Mode CAs return
one certificate only.

XSR(config)#show crypto ca certificates

CA Certificate - Hightest
State: CA-AUTHENTICATED
Version: V3
Serial Number: 6083684655030387331394927502614112809
Issuer: C=US, O=sml, CN=hightest

Valid From: 2002 Jun 4th, 12:40:46 GMT
Valid To: 2004 Jun 4th, 12:48:15 GMT
Subject: C=US, O=sml, CN=hightest

Fingerprint: D423E129 81904CE0 1E6D0FE0 A123A302
Certificate Size: 1157 bytes

RA KeyEncipher Certificate - Hightest-rae
State: CA-AUTHENTICATED
Version: V3
Serial Number: 458128935273366930063530
Issuer: C=US, O=sml, CN=hightest

Valid From: 2002 Jul 24th, 20:45:14 GMT
Valid To: 2003 Jul 24th, 20:55:14 GMT
Subject: C=US, O=sml, sml_requestor

Fingerprint: F1279D63 AFFC3D93 48E5F311 73A1D16F
Certificate Size: 1695 bytes

RA Signature Certificate - Hightest-ras
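
An added example, not part of the Enterasys manual: the fingerprint comparison from step 3 (the same value shown again in the step 4 display) done in Python rather than by eye. It assumes the 128-bit value the XSR prints is an MD5 digest of the DER-encoded certificate, which the page does not state; the function names and the `YWJj` stand-in certificate body are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# Fingerprint the XSR printed for the CA certificate in step 3 (from the page).
XSR_SHOWN = "D423E129 81904CE0 1E6D0FE0 A123A302"


def pem_to_der(pem: str) -> bytes:
    """Return the DER bytes of the first certificate in a PEM string."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  pem, re.S)
    if m is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)


def normalize(fp: str) -> str:
    """Drop spaces and colons and upper-case, so '90:01:..' equals '90015098 ..'."""
    digits = re.sub(r"[\s:]", "", fp).upper()
    if not re.fullmatch(r"[0-9A-F]+", digits):
        raise ValueError("fingerprint contains non-hex characters")
    return digits


def fingerprint(der: bytes, algorithm: str = "md5") -> str:
    """Digest the DER certificate (MD5 is an assumption); group digits by eight."""
    digits = hashlib.new(algorithm, der).hexdigest().upper()
    return " ".join(digits[i:i + 8] for i in range(0, len(digits), 8))


def fingerprints_match(shown: str, published: str, bits: int = 128) -> bool:
    """True only if both are full-length and identical; a truncated or
    partially quoted fingerprint is rejected rather than prefix-matched."""
    a, b = normalize(shown), normalize(published)
    if len(a) * 4 != bits or len(b) * 4 != bits:
        return False
    return hmac.compare_digest(a, b)


if __name__ == "__main__":
    # Constructed stand-in bytes, not a real certificate.
    pem = "-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"
    print(fingerprint(pem_to_der(pem)))
    # Same value published with colons and lower case: accepted.
    print(fingerprints_match(XSR_SHOWN, "d4:23:e1:29:81:90:4c:e0:1e:6d:0f:e0:a1:23:a3:02"))
    # Last digit differs: rejected.
    print(fingerprints_match(XSR_SHOWN, "D423E129 81904CE0 1E6D0FE0 A123A303"))
```

Run `fingerprint()` over a copy of the CA certificate obtained separately from the SCEP exchange, and answer `yes` at the XSR prompt only when `fingerprints_match()` returns `True` for the value the router displays.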
