PKI commands
14-84 Configuring the VPN
“CryptoMapModeCommands”onpage 14110.
“CryptoTransformModeCommands”onpage 14115.
“CryptoShowCommands”onpage 14118.
“InterfaceCLICommands”onpage 14121.
“InterfaceVPNCommands”onpage 14122.
“TunnelCommands”onpage 14127.
“TunnelClearandShowCommands”onpage 14132.
AdditionalTunnelTerminationCommands”onpage 14134.
“DFBitCommands”onpage 14137.

PKI commands

ThefollowingcommandsconfigurePublicKeyInfrastructure(PKI)ontheXSR.

CA Identity Mode Commands

crypto ca identity

ThiscommanddeclarestheCertificateAuthority(CA)theXSRshoulduseandidentifiesCAs
whichmayberequiredaspartoftheCAchainfortherouterorapeerIPSecclient.Ifyou
previously���declaredtheCAandjustwanttoupdateitscharacteristics,specifythenameyou
previouslycreated.Insomecases,theCAmightrequireaparticularCAname,suchasitsdomain
name.
PerformingthiscommandacquiresCAIdentitymode,whereyoucanspecifyCAcharacteristics
withthefollowingsubcommands:
crl frequency‐SpecifiestheintervalbetweenCertificateRevocationList(CRL)retrievals
andothermaintenancethatmaybeperformedperiodically.Refertopage1485forthe
commanddefinition.
enrollment http-proxy‐SpecifiesthelocalHTTPproxyserver.Itisoptional.Refertopage
1486forthecommanddefinition.
enrollment retry count ‐SpecifieshowmanycertificateenrollmentpollstheXSRwill
sendbeforegivingup.Itisdefaulted.Refertopage1486forthecommanddefinition.
enrollment retry period‐SpecifiesanintervalthattheXSRshouldwaitbetweensending
certificaterequestretries.Itisdefaulted.Refertopage1487forthecommanddefinition.
enrollment url‐SpecifiestheURLoftheCAandisalwaysrequired.Refertopage1488for
thecommanddefinition.
Syntax
crypto ca identity name
Note: AAA commands are described in Chapter 13: Configuring Security.