hit counter script

Cisco MDS 9000 Series Configuration Manual page 142

Security
Hide thumbs Also See for MDS 9000 Series:
Table of Contents

Advertisement

Configuring Certificate Authorities and Digital Certificates
Configuring Certificate Revocation Checking Methods
switch(config)#
Enters configuration mode.
Step 2
switch(config)# crypto ca authenticate admin-ca
xEzARBgNVBAsTCm5ldHN0b3JhZ2UxEjAQBgNVBAMTCUFwYXJuYSBD
QTAeFw0wNTA1MDMyMjQ2MzdaFw0wNzA1MDMyMjU1MTdaMIGQMSAwHgYJKoZIhvcN
AQkBFhFhbWFuZGtlQGNpc2NvLmNvbTELMAkGA1UEBhMCSU4xEjAQBgNVBAgTCUth
cm5hdGFrYTESMBAGA1UEBxMJQmFuZ2Fsb3JlMQ4wDAYDVQQKEwVDaXNjbzETMBEG
A1UECxMKbmV0c3RvcmFnZTESMBAGA1UEAxMJQXBhcm5hIENBMFwwDQYJKoZIhvcN
AQEBBQADSwAwSAJBAMW/7b3+DXJPANBsIHHzluNccNM87ypyzwuoSNZXOMpeRXXI
OzyBAgiXT2ASFuUOwQ1iDM8rO/41jf8RxvYKvysCAwEAAaOBvzCBvDALBgNVHQ8E
BAMCAcYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUJyjyRoMbrCNMRU2OyRhQ
GgsWbHEwawYDVR0fBGQwYjAuoCygKoYoaHR0cDovL3NzZS0wOC9DZXJ0RW5yb2xs
L0FwYXJuYSUyMENBLmNybDAwoC6gLIYqZmlsZTovL1xcc3NlLTA4XENlcnRFbnJv
bGxcQXBhcm5hJTIwQ0EuY3JsMBAGCSsGAQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEB
BQUAA0EAHv6UQ+8nE399Tww+KaGr0g0NIJaqNgLh0AFcT0rEyuyt/WYGPzksF9Ea
NBG7E0oN66zex0EOEfG1Vs6mXp1//w==
-----END CERTIFICATE-----
END OF INPUT
Fingerprint(s): MD5 Fingerprint=65:84:9A:27:D5:71:03:33:9C:12:23:92:38:6F:78:12
Do you accept this certificate? [yes/no]: y
Prompts you to cut and paste the certificate of the CA. Use the same name that you used when declaring the
CA.
Note
The maximum number of trust points you can authenticate to a specific CA is 10.
Example
Note
For subordinate CA authentication, the full chain of CA certificates ending in a self-signed CA is
required because the CA chain is needed for certificate verification as well as for PKCS#12 format
export.
Configuring Certificate Revocation Checking Methods
During security exchanges with a client (for example, an IKE peer or SSH user), the Cisco MDS switch
performs the certificate verification of the peer certificate sent by the client. The verification process may
involve certificate revocation status checking.
You can use different methods for checking revoked sender certificates. You can configure the switch to check
the CRL downloaded from the CA (see the
Configuring a CRL, on page 129
section). Downloading the CRL
and checking locally does not generate traffic in your network. However, certificates can be revoked between
downloads and your switch would not be aware of the revocation. Using local CRL checking provides the
most secure method for checking for revoked certificates.
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
124

Advertisement

Table of Contents
loading

Table of Contents