HP 6125G HP 6125G & 6125G/XG Blade Switches Security Configuration Gui - Page 174
Configuration procedure, Configuring PKI certificate verification, Configuration guidelines
View all HP 6125G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 174 highlights
• The configuration made by the pki retrieval-certificate configuration is not saved in the configuration file. • Make sure the switch's system time falls in the validity period of the certificate so that the certificate is valid. Configuration procedure To retrieve a certificate manually: Step 1. Enter system view. 2. Retrieve a certificate manually. Command Remarks system-view • In online mode: pki retrieval-certificate { ca | local } domain domain-name • In offline mode: pki import-certificate { ca | local } domain domain-name { der | p12 | pem } [ filename filename ] N/A Use either command. Configuring PKI certificate verification A certificate needs to be verified before being used. Certificate verification can examine whether the certificate is signed by the CA and whether the certificate has expired or been revoked. You can specify whether to perform CRL checking during certificate verification. If you enable CRL checking, CRLs will be used in verification of a certificate, and you must retrieve the CA certificate and CRLs to the local switch before the certificate verification. If you disable CRL checking, you only need to retrieve the CA certificate. Configuration guidelines • The CRL update period defines the interval at which the entity downloads CRLs from the CRL server. The CRL update period setting manually configured on the switch is prior to that carried in the CRLs. • The configuration made by the pki retrieval-crl domain command is not saved in the configuration file. Configuring CRL-checking-enabled PKI certificate verification Step 1. Enter system view. 2. Enter PKI domain view. 3. Specify the URL of the CRL distribution point. Command system-view pki domain domain-name crl url url-string Remarks N/A N/A Optional. No CRL distribution point URL is specified by default. 164