
  Enabling password control
  Setting global password control parameters
  Setting user group password control parameters
  Setting local user password control parameters
  Setting super password control parameters
  Displaying and maintaining password control
  Password control configuration example
    Network requirements
    Configuration procedure
    Verifying the configuration
Managing public keys
  Overview
  Creating a local key pair
    Configuration guidelines
    Configuration procedure
  Distributing a local host public key
    Exporting a host public key in a specific format to a file
    Displaying a host public key in a specific format and saving it to a file
    Displaying a host public key
  Destroying a local key pair
  Configuring a peer public key
    Importing a peer host public key from a public key file
    Entering a peer public key
  Displaying and maintaining public keys
  Examples of public key management
    Example for entering a peer public key
    Example for importing a public key from a public key file
Configuring PKI
  Overview
    PKI terminology
    PKI architecture
    PKI operation
    PKI applications
    Support for MPLS L3VPN
  PKI configuration task list
  Configuring a PKI entity
  Configuring a PKI domain
  Requesting a certificate
    Configuring automatic certificate request
    Manually requesting a certificate
  Aborting a certificate request
  Obtaining certificates
    Configuration prerequisites
    Configuration guidelines
    Configuration procedure
  Verifying PKI certificates
    Verifying certificates with CRL checking
    Verifying certificates without CRL checking
  Specifying the storage path for the certificates and CRLs
  Exporting certificates
  Removing a certificate
  Configuring a certificate access control policy
  Displaying and maintaining PKI