CA Identity Mode Commands
XSR CLI Reference Guide 14-89
Syntax
crypto ca enroll name
Syntax of the “no” Form

Thenoformofthiscommandcancelsacurrentenrollmentrequest:

no crypto ca enroll name
Mode

Globalconfiguration:XSR(config)#

Sample Output

Thefollowingscriptdisplayswhenyouinvokethe crypto ca enroll command.Notethatyou

arepromptedtoenteryourpasswordandwhethertoproceed.

XSR(config)#crypto ca enroll ACMEca
%
% Start certificate enrollment
% Create a challenge password. You will need to verbally provide this password to
the CA Administrator in order to revoke your certificate.
For security reasons your password will not be saved in the configuration.
Please make a note of it.
Password:****
Re-enter password:****
Include the router serial number in the subject name (y/n) ? y
The serial number in the certificate will be: 3526015000250142
Request certificate from CA (y/n) ? y
You may experience a short delay while RSA keys are generated.
Once key generation is complete, the certificate request
will be sent to the Certificate Authority.
Use 'show crypto ca certificate' to show the fingerprint.
<186>Aug 29 7:11:1 192.168.1.33 PKI: A certificate was successfully
received from the CA.
Caution: We recommend that you do not enroll more certificates than permitted by the 1.5 MByte
system limit imposed on the cert.dat Flash file. Doing so may destabilize the XSR and require
you to delete the file.
name NameoftheCA.UsethesamenameaswhenyoudeclaredtheCAwith

thecrypto ca identitycommand.