Navigation
Configuring Minimum Digital Certificate Requirements for IKE on an ES PIC
To define a digital certificate configuration for IKE for an encryption interface on M Series and T Series routers, include at least the following statements at the [edit security certificates] and [edit security ike] hierarchy levels:
[edit security]
certificates {certification-authority ca-profile-name {ca-name ca-identity;crl filename;enrollment-url url-name; file certificate-filename;ldap-url url-name;}}
ike {policy ike-peer-address {local-certificate certificate-filename;local-key-pair private-public-key-file;proposal [ ike-proposal-names ];}proposal ike-proposal-name {authentication-method rsa-signatures;}}
