1842 CHAPTER 97: PKI C ONFIGURATION[Router-pki-domain-torsa] certificate request url http://4.4.4.133:446/c95e970f632d27be5e8cbf80e971d9c4a9a93337# Set the registration authority to CA.[Router-pki-domain-torsa] certificate request from ca# Specify the entity for certificate request as aaa.[Router-pki-domain-torsa] certificate request entity aaa# Configure the URL for the CRL distribution.[Router-pki-domain-torsa] crl url http://4.4.4.133:447/myca.crl[Router-pki-domain-torsa] quit3 Generate a local key pair using RSA[Router] public-key local create rsaThe range of public key size is (512 ~ 2048).NOTES: If the key modulus is greater than 512,It may take a few minutes.Press CTRL+C to abort.Input the bits in the modulus [default = 1024]:Generating keys...........++++++....................................++++++.......++++++++......................++++++++.4 Apply for a certificate# Retrieve the CA certificate and save it locally.[Router] pki retrieval-certificate ca domain torsaRetrieving CA/RA certificates. Please wait a while......The trusted CA’s finger print is:MD5 fingerprint:EDE9 0394 A273 B61A F1B3 0072 A0B1 F9ABSHA1 fingerprint: 77F9 A077 2FB8 088C 550B A33C 2410 D354 23B2 73A8Is the finger print correct?(Y/N):ySaving CA/RA certificates chain, please wait a moment......CA certificates retrieval success.# Retrieve CRLs and save them locally.[Router] pki retrieval-crl domain torsaConnecting to server for retrieving CRL. Please wait a while.....CRL retrieval success!# Apply for a local certificate manually.[Router] pki request-certificate domain torsa challenge-wordEnrolling the local certificate,please wait a while......Certificate request Successfully!Saving the local certificate to device......Done!5 Verify your configuration