HP 6125G HP 6125G & 6125G/XG Blade Switches Security Configuration Gui - Page 171
Configuration guidelines, Configuration procedure, Submitting a PKI certificate request
View all HP 6125G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 171 highlights
Configuration guidelines • Up to two PKI domains can be created on a switch. • The CA name is required only when you retrieve a CA certificate. It is not used when in local certificate request. • The certificate request URL does not support domain name resolution. Configuration procedure To configure a PKI domain: Step Command Remarks 1. Enter system view. 2. Create a PKI domain and enter its view. system-view pki domain domain-name N/A No PKI domain exists by default. 3. Specify the trusted CA. ca identifier name No trusted CA is specified by default. 4. Specify the entity for certificate request. certificate request entity entity-name No entity is specified by default. The specified entity must exist. 5. Specify the authority for certificate request. certificate request from { ca | ra } No authority is specified by default. 6. Configure the certificate request URL. certificate request url url-string No certificate request URL is configured by default. 7. Configure the polling interval and attempt limit for querying certificate request polling { count the certificate request status. count | interval minutes } Optional. The polling is executed for up to 50 times at the interval of 20 minutes by default. 8. Specify the LDAP server. ldap-server ip ip-address [ port port-number ] [ version version-number ] Optional. No LDP server is specified by default. 9. Configure the fingerprint for root certificate verification. root-certificate fingerprint { md5 | sha1 } string Required when the certificate request mode is auto and optional when the certificate request mode is manual. In the latter case, if you do not configure this command, the fingerprint of the root certificate must be verified manually. No fingerprint is configured by default. Submitting a PKI certificate request When requesting a certificate, an entity introduces itself to the CA by providing its identity information and public key, which will be the major components of the certificate. A certificate request can be submitted to a CA in offline mode or online mode. In offline mode, a certificate request is submitted to a CA by an "out-of-band" means such as phone, disk, or email. 161