Cisco Secure Virtual Private Networks
7.4 Task 2: Configuring CA Support

7.4.1 Task 2: Configure CA support

This section presents a detailed explanation of the steps necessary to configure CA support on Cisco routers.

Configuring Cisco IOS CA support is complicated. Having a detailed plan lessens the chances of improper configuration. The planning steps, each with its associated commands, include the following:

Step 1: Manage the non-volatile RAM (NVRAM) memory usage (optional). In some cases, storing certificates and CRLs locally does not present a problem. However, in other cases, memory might become an issue, particularly if your CA supports an RA and a large number of CRLs end up being stored on your router.

Step 2: Set the router's time and date. The router must have an accurate time and date to enroll with a CA server.

Step 3: Configure the router's host name and domain name. The host name is used in prompts and default configuration filenames. The domain name is used to define a default domain name that the Cisco IOS software uses to complete unqualified host names.

Step 4: Generate an RSA key pair. RSA keys are used to identify the remote VPN peer. You can generate one general purpose key or two special purpose keys.

Step 5: Declare a CA. To declare the CA your router should use, use the crypto ca identity global configuration command. Use the no form of this command to delete all identity information and certificates associated with the CA.
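
The five steps above as one Cisco IOS session. This is an added example, not part of the original course text; the host name RouterA, the domain example.com, the CA name myca, the time zone and the date are placeholder values.

```cisco
! Added example. RouterA, example.com, myca, PST -8 and the date are placeholders.
Router# configure terminal
! Step 1 (optional): do not keep certificates and CRLs in NVRAM;
! the router requests them from the CA when they are needed.
Router(config)# crypto ca certificate query
! Step 2: time zone is set in global configuration mode,
! the clock itself from privileged EXEC mode.
Router(config)# clock timezone PST -8
Router(config)# exit
Router# clock set 14:30:00 15 March 2025
Router# show clock
Router# configure terminal
! Step 3: host name and default domain name.
Router(config)# hostname RouterA
RouterA(config)# ip domain-name example.com
! Step 4: one general purpose key pair. Append the usage-keys keyword
! to generate two special purpose key pairs instead.
! IOS prompts for the modulus length.
RouterA(config)# crypto key generate rsa
! Step 5: declare the CA (enters ca-identity configuration mode).
RouterA(config)# crypto ca identity myca
RouterA(ca-identity)# exit
RouterA(config)# end
! To delete all identity information and certificates for this CA:
!   RouterA(config)# no crypto ca identity myca
```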