CA Identity Mode Commands
XSR CLI Reference Guide 14-85
Syntax of the “no” Form
UsethenoformtodeleteallidentityinformationandcertificatesassociatedwiththeCA:
no crypto ca identity name
Mode
Globalconfiguration:XSR(config)#
Next Mode
CertificateAuthorityIdentityconfiguration:XSR(ca-identity)#
Examples
ThefollowingexampledeclaresandidentifiescharacteristicsoftheCA.Inthisexample,thename
ACMEcaiscreatedfortheCA,whichislocatedathttp://ca_server..Thisistheminimum
configurationrequiredtodeclareaCA.
XSR(config)#crypto ca identity ACMEca
XSR(ca-identity)#enrollment url http://ca_server
Thefollowingexamplesetsanonstandardretryperiodandcount,andpermitstherouterto
acceptcertificateswhenCRLsarenotobtainable.
XSR(config)#crypto ca identity ACMEca
XSR(ca-identity)#enrollment url http://AAA_ca/coldstorage/scripts.exe
XSR(ca-identity)#query url ldap://serverx
XSR(ca-identity)#enrollment retry period 20
XSR(ca-identity)#enrollment retry count 100
Intheexampleabove,iftheXSRdoesnotgetacertificatebackfromtheCAwithin20minutesof
sendingacertificaterequest,itwillresendtherequest.TheXSRwillrepeatcertificaterequests
everyretryperioduntiluntil100requestshavebeensent.IftheCAisnotavailableatthespecified
location,obtaintheURLfromyourCAadministrator.

crl frequency

ThecommandspecifiestheintervalbetweenCertificateRevocationList(CRL)retrievals.
Syntax
crl frequency number
Syntax of the “no” Form
Thenoformofthiscommandresetsthevaluetothedefault:
no crl frequency
name NamefortheCA.
numbers Intervalbetweenretries,rangingfrom1to1440minutes.