Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation
Table of Contents
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Example: Configuring a CA Profile

    This example shows how to configure a CA profile.

    Requirements

    No special configuration beyond device initialization is required before configuring this feature.

    Overview

    In this example, you create a CA profile called ca-profile-ipsec with CA identity microsoft-2008. The configuration specifies that the CRL be refreshed every 48 hours, and the location to retrieve the CRL is http://www.my-ca.com. Within the example, you set the enrollment retry value to 20. (The default retry value is 10.)

    Automatic certificate polling is set to every 30 minutes. If you configure retry only without configuring a retry interval, then the default retry interval is 900 seconds (or 15 minutes). If you do not configure retry or a retry interval, then there is no polling.

    Configuration

    Step-by-Step Procedure

    To configure a CA profile:

    1. Create a CA profile.
      [edit]user@host# set security pki ca-profile ca-profile-ipsec ca-identity microsoft-2008 revocation-check crl refresh-interval 48 url http://www.my-ca.com/my-crl.crl
    2. Specify the enrollment retry value.
      [edit]user@host# set security pki ca-profile ca-profile-ipsec enrollment retry 20
    3. Specify the time interval in seconds between attempts to automatically enroll the CA certificate online.
      [edit]user@host# set security pki ca-profile ca-profile-ipsec enrollment retry-interval 1800
    4. If you are done configuring the device, commit the configuration.
      [edit]user@host# commit

    Verification

    To verify the configuration is working properly, enter the show security pki command.

     

    Related Documentation

     

    Published: 2012-06-29

    Previous Page Next Page