Home
System management
Documents under this category provide information about configuring basic system functions and components on SR-series routers. This includes system and interface configuration, as well as licensing.
System Management Guide
This guide describes system security features, SNMP and NETCONF features, and event and accounting logs; the guide also covers basic tasks such as configuring management access filters, passwords, and user profiles.
Public key infrastructure
X.509v3 certificate overview
Certificate enrollment

System management
Documents under this category provide information about configuring basic system functions and components on SR-series routers. This includes system and interface configuration, as well as licensing.
- Basic System Configuration Guide
  This guide describes file system management, boot option file (BOF) configuration, basic system management configuration, node timing, and synchronization functions.
- Interface Configuration Guide
  This guide describes how to provision Input/Output Modules (IOMs), XMA Control Modules (XCMs), Media Dependent Adapters (MDAs), XRS Media Adapters (XMAs), connectors, and ports.
- Pay-as-you-Grow Licensing Guide
- Router Configuration Guide
  This guide dscribes logical IP routing interfaces and associated attributes such as IP addresses, as well as IP and MAC-based filtering, Virtual Router Redundancy Protocol (VRRP), and cflowd.
- System Management Guide
  This guide describes system security features, SNMP and NETCONF features, and event and accounting logs; the guide also covers basic tasks such as configuring management access filters, passwords, and user profiles.

Certificate enrollment

The SR OS supports two certificate enrollment methods:

off-line method via PKCS#10
on-line method via CMPv2
on-line method via EST

The off-line method works as follows:

Generate a key pair via the command admin certificate gen-keypair

For example:

admin certificate gen-keypair cf3:/segw.key size 2048 type rsa
Generate a PKCS#10 certificate signing request with the key generated in the step mentioned above via the admin certificate gen-local-cert-req command.

For example:

admin certificate gen-local-cert-req keypair cf3:/segw.key subject-dn

C=US,ST=CA,O=ALU,CN=SeGW domain-name segw-1.alu.com file cf3:/segw.pkcs10

The user specifies the subject of certificate request and optionally can also specify a FQDN or an IP address as SubjectAltName.
Import the key file via the admin certificate import command.

For example:

admin certificate import type key input cf3:/segw.key output segw.key format de
Because the key is imported, remove the key file generated in the first step for security reasons.
Send the PKCS#10 file to CA via an offline method such as e-mail.
CA signs the request, and returns the certificate.
Import the result certificate the admin certificate import command.

For example:

admin certificate import type cert input cf3:/segw.cert output segw.cert format pem

For CMPv2-based enrollment, see CMPv2. For EST-based enrollment, see Enrollment over secure transport.

April 13, 2023