Table of Contents
Advertisement
Chapter 20
Certificate Authority Server
CA Server Wizard: RSA Keys
Label
Modulus
Type
Key is exportable
OL-4015-12
Enrollment-Request—Open certificate requests existing in the enrollment
•
database, but not including requests received through SCEP. Lifetime is
entered in hours, in the range 1–1000. If no value is entered, an open
enrollment request expires after 168 hours (one week).
The CA server uses public and private
certificates. SDM automatically generates a new key pair and gives it the name of
the CA server. You can change the key modulus and type, and you can make the
key exportable. You must enter a passphrase to use when restoring the CA server.
This field is read-only. SDM uses the name of the CA server as the name of the
key pair.
Enter the key modulus value. If you want a modulus value between 512 and 1024
enter an integer value that is a multiple of 64. If you want a value higher than
1024, you can enter 1536 or 2048. If you enter a value greater than 512, key
generation may take a minute or longer.
The modulus determines the size of the key. The larger the modulus, the more
secure the key, but keys with large modulus take longer to generate, and
encryption/decryption operations take longer with larger keys.
By default, Cisco SDM creates a general purpose key pair that is used for both
encryption and signature. If you want Cisco SDM to generate separate key pairs
for encrypting and signing documents, choose Usage Keys. Cisco SDM will
generate usage keys for encryption and signature.
Check Key is exportable if you want the CA server key to be exportable.
Cisco Router and Security Device Manager 2.5 User's Guide
RSA keys
to encrypt data and to sign
Create CA Server
20-7
Advertisement
Table of Contents
Troubleshooting
