VPN Configuration Overview

XSR(config)#ip domain acme.com

8. Enroll for an end-entity certificate from a CA that you have previously authenticated; e.g., ldapca.

The CLI script will prompt you to enter and re-enter a challenge password that you create or that is given to you by your CA administrator.

Remember that if you create a password, save it so it can be used later in case you need to revoke the certificate. Respond yes to all questions, and jot down the certificate serial number for comparison purposes.

XSR(config)#crypto ca enroll ldapca

%

% Start certificate enrollment

Create a challenge password. You will need to verbally provide this password to the CA Administrator in order to revoke your certificate. For security reasons your password will not be saved in the configuration.

Please make a note of it. Password:****

Re-enter password:****

Request certificate from CA (y/n) ? y

You may experience a short delay while RSA keys are generated. Once key generation is complete, the certificate request will be sent to the Certificate Authority.

Use 'show crypto ca certificate' to show the fingerprint.

XSR(config)#<186>Aug 29 7:11:1 192.168.1.33 PKI: A certificate was successfully received from the CA.

<186>Nov 13 21:03:20 63.81.64.58 AAA: Current device Time: 2003 Nov 13th, 21:03:20 GMT

<186>Nov 13 21:03:20 63.81.64.58 AAA: Certificate valid from: 2003 Nov 13th, 21:57:02 GMT

<186>Nov 13 21:03:20 63.81.64.58 AAA: Certificate valid to: 2004 Aug 5th, 16:16:08 GMT

9. Once the certificate is properly enrolled, issue the show crypto ca certificates command to display the end-entity and other certificates. The first certificate shown, identified as being in the ENTITY-ACTIVE state, is the end-entity certificate. Compare the Subject ID to the serial number displayed earlier by the enrollment script to verify its authenticity.

XSR#show crypto ca certificates

Certificate - issued by ldapca
State: ENTITY-ACTIVE
Version: V3
Serial Number: 75289387826578118934757
Issuer: C=US, O=sml, CN=ldapca
Valid From: 2003 Nov 13th, 22:16:00 GMT
Valid To: 2004 Aug 5th, 16:16:08 GMT
Subject: unstructuredName=corp
Fingerprint: ABF37B67 7200CCDA 604CB10C D5AC7F49
Certificate Size: 1590 bytes

CA Certificate - ldapca
State: CA-AUTHENTICATED
Version: V3
Serial Number: 6083684655030387331394927502614112809
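The comparison step 9 asks you to make by eye (serial number, fingerprint, validity window against the device clock) can also be done offline against a DER copy of the certificate. The following is an added example, not Enterasys code or XSR output: it walks the tbsCertificate structure with a minimal DER reader, extracts the serial number and Validity fields, hashes the DER for a fingerprint, and classifies the certificate as not-yet-valid, valid or expired at a given device time. Assumptions: the certificate is available as DER bytes (how it is exported from the device is not covered here); the XSR's fingerprint algorithm is not stated on the page, so both MD5 (a 128-bit digest, the same length as the value the CLI prints) and SHA-1 are computed; the sample certificate is constructed inside the script from the serial and the Valid From/To values of the enrollment log above, and the device time is the "Current device Time" from the same log, which precedes Valid From, so the check reports not-yet-valid.

```python
"""Extract serial, validity and fingerprint from a DER X.509 certificate and
check it against a device clock. Added example, not Enterasys/XSR code.
The certificate below is constructed here (unsigned, placeholder key)."""
import hashlib
from datetime import datetime, timezone


def _read_tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                                  # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length, pos + length


def _children(buf, start, end):
    """Yield (tag, value bytes) for each TLV directly inside a constructed value."""
    pos = start
    while pos < end:
        tag, vs, ve, pos = _read_tlv(buf, pos)
        yield tag, buf[vs:ve]


def _utc_time(value):
    """Decode an ASN.1 UTCTime (YYMMDDhhmmssZ) into an aware datetime."""
    return datetime.strptime(value.decode("ascii"), "%y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def parse_cert_fields(der):
    """Return serial, notBefore, notAfter and MD5/SHA-1 fingerprints of a DER cert."""
    _, vs, ve, _ = _read_tlv(der, 0)                   # outer Certificate SEQUENCE
    _, tbs = next(_children(der, vs, ve))              # tbsCertificate is its first child
    items = list(_children(tbs, 0, len(tbs)))
    if items[0][0] == 0xA0:                            # optional EXPLICIT [0] version
        items = items[1:]
    serial = int.from_bytes(items[0][1], "big", signed=True)
    # items[1] = signature AlgorithmIdentifier, items[2] = issuer Name, items[3] = Validity
    validity = items[3][1]
    not_before, not_after = [_utc_time(v) for _, v in _children(validity, 0, len(validity))]
    return {"serial": serial, "not_before": not_before, "not_after": not_after,
            "md5": hashlib.md5(der).hexdigest().upper(),
            "sha1": hashlib.sha1(der).hexdigest().upper()}


def validity_status(fields, device_time):
    """Classify the certificate relative to the device clock."""
    if device_time < fields["not_before"]:
        return "not-yet-valid"
    if device_time > fields["not_after"]:
        return "expired"
    return "valid"


def group_fingerprint(hexdigest):
    """Format a hex digest in 8-character groups, as the XSR CLI prints it."""
    return " ".join(hexdigest[i:i + 8] for i in range(0, len(hexdigest), 8))


def check_certificate(der, device_time_iso):
    """Report serial, grouped MD5 fingerprint and status at an ISO 8601 UTC device time."""
    fields = parse_cert_fields(der)
    device_time = datetime.fromisoformat(device_time_iso).replace(tzinfo=timezone.utc)
    return {"serial": fields["serial"], "fingerprint": group_fingerprint(fields["md5"]),
            "status": validity_status(fields, device_time)}


# --- DER encoder helpers, used only to construct the sample certificate ---
def _tlv(tag, value):
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    elif n < 0x100:
        length = bytes([0x81, n])
    else:
        length = bytes([0x82]) + n.to_bytes(2, "big")
    return bytes([tag]) + length + value


def _seq(*parts):
    return _tlv(0x30, b"".join(parts))


def _int(n):
    return _tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))  # keeps sign bit clear


def _utc(dt):
    return _tlv(0x17, dt.strftime("%y%m%d%H%M%SZ").encode("ascii"))


def _name(cn):
    attr = _seq(_tlv(0x06, bytes([0x55, 0x04, 0x03])), _tlv(0x13, cn.encode("ascii")))  # CN=
    return _seq(_tlv(0x31, attr))


SHA1_RSA = _seq(_tlv(0x06, bytes.fromhex("2A864886F70D010105")), _tlv(0x05, b""))


def build_sample_cert():
    """Constructed, unsigned sample: serial and validity taken from the enrollment log above."""
    tbs = _seq(_tlv(0xA0, _int(2)), _int(75289387826578118934757), SHA1_RSA, _name("ldapca"),
               _seq(_utc(datetime(2003, 11, 13, 21, 57, 2)), _utc(datetime(2004, 8, 5, 16, 16, 8))),
               _name("corp"), _seq(SHA1_RSA, _tlv(0x03, b"\x00")))   # placeholder key
    return _seq(tbs, SHA1_RSA, _tlv(0x03, b"\x00" * 9))              # placeholder signature


if __name__ == "__main__":
    result = check_certificate(build_sample_cert(), "2003-11-13T21:03:20")  # device time from the log
    for key, value in result.items():
        print(f"{key}: {value}")
```

The device time in the enrollment log (21:03:20) is earlier than the certificate's Valid From (21:57:02), so a peer validating this certificate against the same clock would reject it as not yet valid; keeping the router's clock synchronized (NTP) before enrolling avoids that class of failure.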

14-30 Configuring the Virtual Private Network

Enterasys Networks X-Pedition manual