SR OS certificate management

SR OS implements a centralized certificate management protocol that can be used by TLS and IPsec. See the 7450 ESS, 7750 SR, and VSR Multiservice Integrated Service Adapter and Extended Services Appliance Guide for information about the configuration of the certificates and the corresponding protocols, such as OCSP, CMPv2, and CRL.

The main certificate configurations are:

The two main configuration sub-trees for certificates are displayed below.

admin>certificate
  clear-ocsp-cache
  cmpv2
  crl-update
  display
  export
  gen-keypair
  gen-local-cert-req
  import
  reload

config>system>security>pki
  [no] ca-profile
  certificate-display-format
  [no] certificate-expiration-warning
  [no] crl-expiration-warning
  [no] maximum-cert-chain-depth