ADC 3 Configuring Trust and Validity for Manufacturer Certificates

ADC Telecommunications, Inc.

458 CHAPTER 19: MANAGING CABLE MODEMS

Configuring Trust and Validity for Manufacturer Certificates

A Certificate Authority (CA) is a self-signed certificate containing the DOCSIS

CA’s trusted public key. The manufacturer issues an X.509 certificate that

binds the cable modem public key to other identifying information. BPI+ uses

the X.509 digital certificate to authenticate key exchanges between the

cable modem and CMTS.

You can configure and display trust for all new self-assigned manufacturer

certificates, as well as for existing certificates for a specified cable modem. In

addition you can configure certificates to have or not to have their validity

period checked against the current time of day. Note that this task applies to

BPI+ only.

Configuring trust and validity for certificates involves setting the following

parameters:

Table 19-5 Parameters for Setting and Displaying Trust and Validity for

Certificates

Parameter Description

interface cable <c/s/i> The interface for which you want to display

certificates.

mac-address The MAC address of the cable modem for which

you want to display certificates.

trusted Sets a valid certificate.

untrusted Sets an invalid certificate. The default is set to

untrusted.

enable Sets the certificate to True. This means that the

validity is checked against the current time of day.

disable Sets the certificate to False. This means that the

validity is not checked against the current time of

day.

learnt Indicates that you want to display the certificates

for the cable modems.

provisioned Indicates that you want to display the certificates

for the provisioned cable modem.

details Indicates that you want to display the BPI+

privacy authorization for the provisioned cable

modem.