SR OS implements a centralized certificate management protocol that can be used by TLS and IPsec. See the 7450 ESS, 7750 SR, and VSR Multiservice Integrated Service Adapter and Extended Services Appliance Guide for information about the configuration of the certificates and the corresponding protocols, such as OCSP, CMPv2, and CRL.
The main certificate configurations are:
certificate configuration and management, configured using the admin>certificate commands
PKI configuration (including creating a CA profile), configured using the config>system>security>pki commands
The two main configuration sub-trees for certificates are displayed below.
admin>certificate
clear-ocsp-cache
cmpv2
crl-update
display
export
gen-keypair
gen-local-cert-req
import
reload
config>system>security>pki
[no] ca-profile
certificate-display-format
[no] certificate-expiration-warning
[no] crl-expiration-warning
[no] maximum-cert-chain-depth