|
Navigate to the Security level in the configuration
hierarchy.
|
- In the configuration hierarchy, click Security.
- Next to Security, click Configure.
|
From the top of the configuration hierarchy, enter
edit security pki
|
|
Add a new CA profile to the Services Router.
|
- Select Pki.
- Click Configure.
- Next to Ca profile, click Add new entry.
|
|
Configure the profile name and the CA authority identification—for
example, ca-profile-ipsec and versign.com.
|
- In the Ca profile name box, type ca-profile-ipsec.
- In the Ca identity box, type verisign.com.
- Next to Enrollment, click Configure.
|
Enter
edit ca-profile ca-profile-ipsec ca-identity verisign.com
|
|
Configure the following enrollment options:
- Enrollment URL—URL where the Simple Certificate Enrollment
Protocol (SCEP) request is sent to the certification authority configured
in this profile—for example, www.versign.com.
- Enrollment retry—Number of attempts at online enrollment
with the CA profile to allow for a router certificate, if enrollment fails—for
example, 10. The range is from 0 through 100 attempts.
- Enrollment retry-interval—Length of time, in seconds, to
allow between enrollment attempts—for example, 60. The range
is from 0 through 3600 seconds.
|
- In the Retry box, type 10.
- In the Retry interval box, type 60.
- In the Url box, type www.verisign.com.
- Click OK.
|
Enter
edit ca-profile ca-profile-ipsec ca-identity versign.com enrollment
url http://www.verisign.com retry 10 retry-interval 60
|