Figure 20-4 Communication Between the Router and CA

[Figure labels: New York; Certificate Server. Text recovered from the figure follows.]

• The router CA support is configured: date, time, and time zone; hostname and domain name; declare the CA.

• The router generates the public/private key pair.

Authentication Process

1. The router sends the CA/RA certificate request to the CA.

2. The CA generates the CA/RA and returns it to the router.

3. The router downloads the CA/RA certificate.

4. The router authenticates the CA/RA certificate.

Many of the steps shown in Figure 20-4 are completed automatically by SCEP.

Step 9.

Manage key storage in NVRAM. Memory management is an option that limits how much memory the stored certificates and CRLs occupy.

Step 10.

Manage the keys on the router. Key management is an option that enables you to delete keys and certificates from the router and to request a CRL from the CA.

Step 11.

Verify the CA configuration. Three commands enable you to view the status of certificates and keys on the router, as follows:

• show crypto ca certificates displays certificates currently on the router. Example 20-7 shows the output from the show crypto ca certificates command.
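One way to automate the Step 11 check is to parse the command output and flag any certificate that is not yet usable. This is an added example, not taken from the original text or from Cisco; the sample output is constructed, and its field layout (unindented block titles, indented `Status:` lines) and all function names are assumptions.

```python
import re

# Constructed sample laid out like `show crypto ca certificates` output.
# The layout is an assumption and the names and serial number are made up.
SAMPLE = """\
Certificate
  Subject Name
    Name: router1.example.com
  Status: Pending
  Key Usage: General Purpose

CA Certificate
  Status: Available
  Certificate Serial Number: 3051DF7123BEE31B8341DFE4B3A338E5
  Key Usage: Not Set
"""

HEADER = re.compile(r"^(?=\S).*\bCertificate\b.*$")  # unindented block title
FIELD = re.compile(r"^\s+([^:]+):\s*(.*)$")          # indented "Key: value"


def parse_certificates(text):
    """Split the output into one dict per certificate block."""
    blocks = []
    for line in text.splitlines():
        if HEADER.match(line):
            blocks.append({"type": line.strip()})
        elif blocks and (m := FIELD.match(line)):
            blocks[-1][m.group(1).strip()] = m.group(2).strip()
    return blocks


def audit(text):
    """Return findings; an empty list means both certificates are usable."""
    blocks = parse_certificates(text)
    findings = []
    if not any(b["type"].startswith("CA Certificate") for b in blocks):
        findings.append("no CA certificate found")
    if not any(b["type"].startswith("Certificate") for b in blocks):
        findings.append("no router certificate found")
    for b in blocks:
        status = b.get("Status", "missing")
        if status != "Available":  # e.g. a request the CA has not granted yet
            findings.append(f"{b['type']}: status is {status}")
    return findings
```

Running `audit(SAMPLE)` reports the router certificate as still pending while the CA certificate passes.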
