HP 6125G HP 6125G & 6125G/XG Blade Switches Security Configuration Gui - Page 181
Configuring the switch, Internet Information Services IIS Manager
View all HP 6125G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 181 highlights
After the SCEP add-on installation completes, a URL is displayed, which you must configure on the switch as the URL of the server for certificate registration. 3. Modify the certificate service attributes: a. Select Control Panel > Administrative Tools > Certificate Authority from the start menu. If the CA server and SCEP add-on have been installed successfully, there should be two certificates issued by the CA to the RA. b. Right-click the CA server in the navigation tree and select Properties > Policy Module. c. Click Properties and select Follow the settings in the certificate template, if applicable. Otherwise, automatically issue the certificate. 4. Modify the Internet Information Services (IIS) attributes: a. Select Control Panel > Administrative Tools > Internet Information Services (IIS) Manager from the start menu. b. Select Web Sites from the navigation tree. c. Right-click Default Web Site and select Properties > Home Directory. d. Specify the path for certificate service in the Local path text box. To avoid conflict with existing services, specify an available port number as the TCP port number of the default website. After completing the configuration, make sure the system clock of the switch is synchronous to that of the CA server, so that that the switch can request a certificate normally. Configuring the switch 1. Configure the entity name as aaa and the common name as device. system-view [Device] pki entity aaa [Device-pki-entity-aaa] common-name device [Device-pki-entity-aaa] quit 2. Configure the PKI domain: # Create PKI domain torsa and enter its view. [Device] pki domain torsa # Configure the name of the trusted CA as myca. [Device-pki-domain-torsa] ca identifier myca # Configure the URL of the registration server in the format of http://host:port/ certsrv/mscep/mscep.dll, where host:port indicates the IP address and port number of the CA server. [Device-pki-domain-torsa] certificate request url http://4.4.4.1:8080/certsrv/mscep/mscep.dll # Set the registration authority to RA. [Device-pki-domain-torsa] certificate request from ra # Specify the entity for certificate request as aaa. [Device-pki-domain-torsa] certificate request entity aaa 3. Generate a local key pair using RSA: [Device] public-key local create rsa The range of public key size is (512 ~ 2048). NOTES: If the key modulus is greater than 512, It will take a few minutes. 171