HP 6125G HP 6125G & 6125G/XG Blade Switches Security Configuration Gui - Page 173
Configuration procedure, Retrieving a certificate manually, Configuration guidelines
View all HP 6125G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 173 highlights
request-certificate domain command with the pkcs10 keyword. To save the request information to a local file, use the pki request-certificate domain command with the pkcs10 filename filename option. • Make sure the clocks of the entity and the CA are synchronous. Otherwise, the validity period of the certificate will be abnormal. • The configuration made by the pki request-certificate domain command is not saved in the configuration file. Configuration procedure To submit a certificate request in manual mode: Step 1. Enter system view. 2. Enter PKI domain view. 3. Set the certificate request mode to manual. 4. Return to system view. 5. Retrieve a CA certificate manually. 6. Generate a local RSA key pair. 7. Submit a local certificate request manually. Command system-view pki domain domain-name certificate request mode manual quit See "Retrieving a certificate manually" public-key local create rsa pki request-certificate domain domain-name [ password ] [ pkcs10 [ filename filename ] ] Remarks N/A N/A Optional. Manual by default. N/A N/A No local RSA key pair exists by default. N/A Retrieving a certificate manually You can download CA certificates, local certificates, or peer entity certificates from the CA server and save them locally. To do so, use either the offline mode or the online mode. In offline mode, you must retrieve a certificate by an out-of-band means like FTP, disk, or email, and then import it into the local PKI system. Certificate retrieval serves the following purposes: • Locally store the certificates associated with the local security domain for improved query efficiency and reduced query count • Prepare for certificate verification Configuration guidelines • Before retrieving a local certificate in online mode, be sure to complete the LDAP server configuration. • If a PKI domain already has a CA certificate, you cannot retrieve another CA certificate for it. This restriction helps avoid inconsistency between the certificate and registration information resulted from configuration changes. To retrieve a new CA certificate, use the pki delete-certificate command to delete the existing CA certificate and the local certificate first. 163