The 7705 SAR supports the creation of TLS client profiles, which can be assigned to applications such as PCEP to encrypt the application layer.
The client-tls-profile command is used for negotiating with and authenticating the server. After the server is authenticated via the trust anchor profile (configured using the trust-anchor-profile command) of a TLS client profile, the client negotiates the ciphers and authentication algorithms to be used for encryption of the data.
The TLS client profile must be assigned to an application for it to start encrypting. Up to 16 TLS client profiles can be configured. Because each of these client profiles needs a trust anchor profile to authenticate the server, up to 16 trust anchor profiles can be configured. A trust anchor profile holds up to 8 trust anchors (configured using the trust-anchor command), each of which holds a CA profile (ca-profile).
A CA profile is a container for installing CA certificates. These CA certificates are used to authenticate the server certificate. When the client receives the server certificate, it reads through the trust anchor profile CA certificates and tries to authenticate the server certificate against each CA certificate. The first CA certificate that authenticates the server is used.
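The first-match search described above can be reproduced offline with OpenSSL to check which CA certificate would authenticate a given server certificate before it is loaded into a CA profile. This is an added example, not Nokia's implementation or 7705 SAR CLI syntax; the function names, file names and certificate subjects are constructed, each trust anchor is assumed to be a single CA certificate file, and the openssl command is assumed to be installed.

```shell
#!/bin/sh
# Added example: models the first-match trust anchor search with OpenSSL.
# All names (anchor-a, pce.example, ...) are constructed for the demo.

# make_ca <name> <cn>: create a constructed self-signed CA as <name>.pem
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# make_server <ca-name> <out-name>: server certificate signed by <ca-name>
make_server() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=pce.example" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
        -CAcreateserial -days 1 -out "$2.pem" 2>/dev/null
}

# first_trust_anchor <server-cert> <ca-cert>...
# Walks the CA certificates in order, prints the first one that validates
# the server certificate and returns 0; returns 1 if none validates it.
# More than 8 anchors returns 2, mirroring the per-profile limit above.
first_trust_anchor() {
    server=$1; shift
    [ "$#" -le 8 ] || return 2
    for ca in "$@"; do
        if openssl verify -CAfile "$ca" "$server" >/dev/null 2>&1; then
            printf '%s\n' "$ca"
            return 0
        fi
    done
    return 1
}

# Demo in a throwaway directory: the server certificate is issued by CA B,
# so CA A is tried and rejected first, then CA B is selected.
demo() (
    dir=$(mktemp -d) && cd "$dir" || exit 1
    make_ca anchor-a "Constructed CA A"
    make_ca anchor-b "Constructed CA B"
    make_server anchor-b server
    first_trust_anchor server.pem anchor-a.pem anchor-b.pem
    rm -rf "$dir"
)
demo
```

A return code of 1 from first_trust_anchor corresponds to the case where no CA certificate in the trust anchor profile authenticates the server.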