Interoperability Profile for the XSR

1. Begin by asking your CA administrator for your CA name and URL. The CA’s URL defines its IP address, path and default port (80). You can resolve the CA server address manually by pinging its IP address.

2. Be sure that the XSR time setting is correct according to the UTC time zone so that it is synchronized with the CA’s time. For example:

XSR#clock timezone -7 0

3. Specify the enrollment URL, authenticate the CA and retrieve the root certificate. Check your CA Website to ensure that the fingerprint printed by the XSR, which is retrieved from the CA itself, matches the CA's published fingerprint; this verifies that the CA is not a fake. If the certificate is bona fide, accept it. If not, check to be sure the certificate is deleted and not stored in the CA database. In certain situations you may need to specify a particular CA identity name. Consult your administrator for more information.

XSR(config)#crypto ca identity hightest
XSR(config-ca-identity)#enrollment url http://192.168.1.33/certsrv/mscep/mscep.dll/
XSR(config-ca-identity)#exit
XSR(config)#crypto ca authenticate PKItestca1

Certificate has the following attributes:
Fingerprint: D423E129 81904CE0 1E6D0FE0 A123A302
Do you accept this certificate? [yes/no] y

4. Display your CA certificates to verify all root and associated certificates are present. In the RA Mode example below, Hightest is the root CA of three certificates. Non-RA Mode CAs return one certificate only.

XSR(config)#show crypto ca certificates

CA Certificate - Hightest
State: CA-AUTHENTICATED
Version: V3
Serial Number: 6083684655030387331394927502614112809
Issuer: C=US, O=sml, CN=hightest
Valid From: 2002 Jun 4th, 12:40:46 GMT
Valid To: 2004 Jun 4th, 12:48:15 GMT
Subject: C=US, O=sml, CN=hightest
Fingerprint: D423E129 81904CE0 1E6D0FE0 A123A302
Certificate Size: 1157 bytes

RA KeyEncipher Certificate - Hightest-rae
State: CA-AUTHENTICATED
Version: V3
Serial Number: 458128935273366930063530
Issuer: C=US, O=sml, CN=hightest
Valid From: 2002 Jul 24th, 20:45:14 GMT
Valid To: 2003 Jul 24th, 20:55:14 GMT
Subject: C=US, O=sml, sml_requestor
Fingerprint: F1279D63 AFFC3D93 48E5F311 73A1D16F
Certificate Size: 1695 bytes

RA Signature Certificate - Hightest-ras

14-50 Configuring the Virtual Private Network
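Added example, not part of the XSR manual: a Python check that reads a saved copy of the step 4 display and tests each certificate against the fingerprint obtained from the CA Website (step 3) and against the current UTC time (step 2). It assumes the display is saved one field per line; the function names and the colon-separated published fingerprint used to exercise it are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample: two entries from the step 4 display, one field per line (assumed layout).
SAMPLE = """\
CA Certificate - Hightest
State: CA-AUTHENTICATED
Valid From: 2002 Jun 4th, 12:40:46 GMT
Valid To: 2004 Jun 4th, 12:48:15 GMT
Fingerprint: D423E129 81904CE0 1E6D0FE0 A123A302
RA KeyEncipher Certificate - Hightest-rae
State: CA-AUTHENTICATED
Valid From: 2002 Jul 24th, 20:45:14 GMT
Valid To: 2003 Jul 24th, 20:55:14 GMT
Fingerprint: F1279D63 AFFC3D93 48E5F311 73A1D16F
"""

def parse_certs(text):
    """Split the display into one dict per certificate, keyed by field name."""
    certs = []
    for line in text.splitlines():
        line = line.strip()
        if re.search(r"Certificate\s+-\s+\S+$", line):   # e.g. "CA Certificate - Hightest"
            certs.append({"Name": line})
        elif ":" in line and certs:
            key, value = line.split(":", 1)              # split on the first colon only
            certs[-1][key.strip()] = value.strip()
    return certs

def parse_time(value):
    """Parse '2002 Jun 4th, 12:40:46 GMT' into an aware UTC datetime."""
    cleaned = re.sub(r"(\d)(st|nd|rd|th),", r"\1", value).replace(" GMT", "")
    return datetime.strptime(cleaned, "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)

def norm(fp):
    """Drop spaces, colons and case so differently printed fingerprints compare equal."""
    return re.sub(r"[\s:]", "", fp).upper()

def check(cert, published_fp, now):
    """Return a list of problems; an empty list means the certificate passes."""
    problems = []
    if norm(cert["Fingerprint"]) != norm(published_fp):
        problems.append("fingerprint mismatch")
    if now < parse_time(cert["Valid From"]):
        problems.append("not yet valid (check router clock)")
    if now > parse_time(cert["Valid To"]):
        problems.append("expired")
    return problems
```

Pass `datetime.now(timezone.utc)` as `now` when checking a live capture; a "not yet valid" result on a freshly issued certificate usually points to the clock setting from step 2.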
