Modify EAST's connection to WEST
This task modifies the connection from EAST to WEST to use X.509 certificates for authentication.
In this example:
- The authentication mode is changed from pre-shared secret to X.509 certificates.
- The certificate for the peer is identified using its 'distinguished name' information. This is the information prompted for when creating the certificate signing request (CSR) file.
- The locations of the CA certificate, the server certificate, and the private key file for the server are specified.
To modify the site-to-site connection to use X.509 certificate authentication, perform the following steps:
Step | Command |
---|---|
Remove the pre-shared key. |
|
Change the authentication mode. |
|
Specify the 'distinguished name' of the certificate for the peer. |
|
Specify the location of the CA certificate. |
|
Specify the location of the server certificate. |
|
Specify the location of the server key file. |
|
Specify the password for the server key file. |
|
Commit the configuration. |
|
View the modified configuration for the site-to-site connection. |
|
View data plane interface dp0p1p1 address configuration. local-address is set to this address. |
|