- Enterasys Security Router User's Guide
VPN Configuration Overview
XSR User’s Guide 14-29
Certificate has the following attributes:
Fingerprint: D423E129 81904CE0 1E6D0FE0 A123A302
Do you accept this certificate? [yes/no] y
4. Display your CA certificates to verify all root and associated certificates are present. In the RA
Mode example below, ldapca is the root CA of three certificates. Non-RA Mode CAs return one
certificate only.
XSR(config)#show crypto ca certificates
CA Certificate - ldapca
State: CA-AUTHENTICATED
Version: V3
Serial Number: 6083684655030387331394927502614112809
Issuer: C=US, O=sml, CN=ldapca
Valid From: 2002 Jun 4th, 12:40:46 GMT
Valid To: 2004 Jun 4th, 12:48:15 GMT
Subject: C=US, O=sml, CN=ldapca
Fingerprint: D423E129 81904CE0 1E6D0FE0 A123A302
Certificate Size: 1157 bytes
RA KeyEncipher Certificate - ldapca-rae
State: CA-AUTHENTICATED
Version: V3
Serial Number: 458128935273366930063530
Issuer: C=US, O=sml, CN=ldapca
Valid From: 2002 Jul 24th, 20:45:14 GMT
Valid To: 2003 Jul 24th, 20:55:14 GMT
Subject: C=US, O=sml.com, CN=sml_requestor
Fingerprint: F1279D63 AFFC3D93 48E5F311 73A1D16F
Certificate Size: 1695 bytes
RA Signature Certificate - ldapca-ras
State: CA-AUTHENTICATED
Version: V3
Serial Number: 458128729515158954573993
Issuer: C=US, O=sml, CN=ldapca
Valid From: 2002 Jul 24th, 20:45:13 GMT
Valid To: 2003 Jul 24th, 20:55:13 GMT
Subject: C=US, O=sml.com, CN=sml_requestor
Fingerprint: 91EB5A77 B5CA535A 077B65C5 65035615
Certificate Size: 1695 bytes
5. Set the CRL retrieval rate and download the latest CRL (optional).
XSR(config)#crl frequency 12
XSR(config)#crypto ca crl request PKItestca1
6. Add a static host to store IP addresses for use by the CRL mechanism.
XSR(config)#ip host CRLrepository 223.125.57.88
7. Optional. To ensure Verisign CA support, provide the domain name that you specified when
registering with Verisign by entering your company’s domain name: