Home » HP Manuals » Servers » HP 6125G » Manual Viewer

HP 6125G HP 6125G & 6125G/XG Blade Switches Fundamentals Configuration - Page 66

Create a certificate attribute group, and con a certificate attribute rule

Add to My Manuals
Save this manual to your list of manuals

Page 66 highlights

# Configure a PKI entity, configure the common name of the entity as http-server1, and the FQDN of the entity as ssl.security.com. system-view [Device] pki entity en [Device-pki-entity-en] common-name http-server1 [Device-pki-entity-en] fqdn ssl.security.com [Device-pki-entity-en] quit # Create a PKI domain, specify the trusted CA as new-ca, the URL of the server for certificate request as http://10.1.2.2/certsrv/mscep/mscep.dll, authority for certificate request as RA, and the entity for certificate request as en. [Device] pki domain 1 [Device-pki-domain-1] ca identifier new-ca [Device-pki-domain-1] certificate request url http://10.1.2.2/certsrv/mscep/mscep.dll [Device-pki-domain-1] certificate request from ra [Device-pki-domain-1] certificate request entity en [Device-pki-domain-1] quit # Create RSA local key pairs. [Device] public-key loc al create rsa # Retrieve the CA certificate from the certificate issuing server. [Device] pki retrieval-certificate ca domain 1 # Request a local certificate from a CA through SCEP for the device. [Device] pki request-certificate domain 1 # Create an SSL server policy myssl, specify PKI domain 1 for the SSL server policy, and enable certificate-based SSL client authentication. [Device] ssl server-policy myssl [Device-ssl-server-policy-myssl] pki-domain 1 [Device-ssl-server-policy-myssl] client-verify enable [Device-ssl-server-policy-myssl] quit # Create a certificate attribute group mygroup1, and configure a certificate attribute rule, specifying that the distinguished name in the subject name includes the string of new-ca. [Device] pki certificate attribute-group mygroup1 [Device-pki-cert-attribute-group-mygroup1] attribute 1 issuer-name dn ctn new-ca [Device-pki-cert-attribute-group-mygroup1] quit # Create a certificate attribute-based access control policy myacp. Configure a certificate attribute-based access control rule, specifying that a certificate is considered valid when it matches an attribute rule in certificate attribute group myacp. [Device] pki certificate access-control-policy myacp [Device-pki-cert-acp-myacp] rule 1 permit mygroup1 [Device-pki-cert-acp-myacp] quit # Associate the HTTPS service with SSL server policy myssl. [Device] ip https ssl-server-policy myssl # Associate the HTTPS service with certificate attribute-based access control policy myacp. [Device] ip https certificate access-control-policy myacp # Enable the HTTPS service. [Device] ip https enable 60

Section	Page
Title Page	1
Fundamentals Configuration Guide	3
Using the CLI	7
Logging in to the CLI	7
Command conventions	7
Using the undo form of a command	8
CLI views	8
Entering system view from user view	9
Returning to the upper-level view from any view	9
Returning to user view from any other view	9
Accessing the CLI online help	10
Entering a command	11
Editing a command line	11
Entering a STRING type value for an argument	11
Abbreviating commands	11
Configuring and using command keyword aliases	12
Usage guidelines	12
Configuration procedure	12
Configuring and using hotkeys	12
Enabling redisplaying entered-but-not-submitted commands	14
Understanding command-line error messages	14
Using the command history function	15
Viewing history commands	15
Setting the command history buffer size for user interfaces	15
Controlling the CLI output	16
Pausing between screens of output	16
Filtering the output from a display command	16
Configuring user privilege and command levels	19
Configuring a user privilege level	19
Configuring a user privilege level for users by using the AAA module	20
Configuring the user privilege level directly on a user interface	21
Switching the user privilege level	23
Configuring the authentication parameters for user privilege level switching	23
Switching to a higher user privilege level	24
Changing the level of a command	25
Saving the running configuration	25
Displaying and maintaining CLI	26
Login overview	27
Login methods at a glance	27
User interfaces	28
User interface assignment	28
User interface identification	28
Logging in to the CLI	29
Logging in through the console port for the first time	29
Configuring console login control settings	31
Configuring none authentication for console login	32
Configuring password authentication for console login	33
Configuring scheme authentication for console login	34
Configuring common console login settings (optional)	36
Logging in through Telnet	38
Configuring none authentication for Telnet login	39
Configuring password authentication for Telnet login	40
Configuring scheme authentication for Telnet login	41
Configuring common settings for VTY user interfaces (optional)	43
Using the device to log in to a Telnet server	45
Setting the DSCP value for IP to use for outgoing Telnet packets	46
Logging in through SSH	46
Configuring the SSH server on the device	46
Using the device as an SSH client to log in to the SSH server	49
Modem dial-in through the console port	49
Setting up the configuration environment	50
Configuring none authentication for modem dial-in	53
Configuring password authentication for modem dial-in	53
Configuring scheme authentication for modem dial-in	54
Configuring common settings for modem dial-in (optional)	57
Displaying and maintaining CLI login	59
Logging in to the Web interface	60
Configuring HTTP login	60
Configuring HTTPS login	61
Displaying and maintaining Web login	63
HTTP login configuration example	63
Network requirements	63
Configuration procedure	64
HTTPS login configuration example	65
Network requirements	65
Configuration procedure	65
Logging in through SNMP	68
Configuring SNMP login	68
Prerequisites	68
Configuring SNMPv3 settings	68
Configuring SNMPv1 or SNMPv2c settings	69
NMS login example	70
Network requirements	70
Configuration procedure	70
Controlling user logins	71
Controlling Telnet logins	71
Configuring source IP-based Telnet login control	71
Configuring source/destination IP-based Telnet login control	71
Configuring source MAC-based Telnet login control	72
Telnet login control configuration example	72
Network requirements	72
Configuration procedure	73
Configuring source IP-based SNMP login control	73
Configuration procedure	73
SNMP login control configuration example	74
Network requirements	74
Configuration procedure	75
Configuring Web login control	75
Configuring source IP-based Web login control	75
Logging off online Web users	75
Web login control configuration example	76
Network requirements	76
Configuration procedure	76
Configuring FTP	77
Using the device as an FTP client	77
Establishing an FTP connection	77
Setting the DSCP value for IP to use for outgoing FTP packets	78
Managing directories on the FTP server	79
Working with the files on the FTP server	79
Switching to another user account	80
Maintaining and troubleshooting the FTP connection	80
Terminating the FTP connection	80
FTP client configuration example	81
Network requirements	81
Configuration procedure	81
Using the device as an FTP server	82
Configuring basic parameters	82
Configuring authentication and authorization	83
FTP server configuration example	84
Network requirements	84
Configuration procedure	84
Displaying and maintaining FTP	86
Configuring TFTP	87
Prerequisites	87
Using the device as a TFTP client	87
Displaying and maintaining the TFTP client	88
TFTP client configuration example	88
Network requirements	88
Configuration procedure	89
Managing the file system	90
Storage medium naming rules	90
File name formats	90
Managing files	91
Displaying file information	91
Displaying file contents	91
Renaming a file	91
Copying a file	91
Moving a file	91
Deleting/restoring a file	92
Emptying the recycle bin	92
Managing directories	92
Displaying directory information	92
Displaying the current working directory	92
Changing the current working directory	93
Creating a directory	93
Removing a directory	93
Managing storage medium space	93
Displaying and maintaining the NAND Flash memory	94
Displaying and repairing bad blocks	94
Viewing files	94
Performing batch operations	94
Setting the file system operation mode	95
File system management examples	95
Managing configuration files	96
Overview	96
Configuration types	96
Factory defaults	96
Startup configuration	96
Running configuration	96
Configuration file format and content	97
Next-startup configuration file redundancy	97
Startup with a configuration file	97
Saving the running configuration	97
Enabling configuration file auto-update	98
Saving configuration in different approaches	98
Configuring configuration rollback	99
Configuration task list	99
Configuring configuration archive parameters	100
Configuration guidelines	100
Configuration procedure	100
Enabling automatic configuration archiving	101
Manually archiving running configuration	102
Performing configuration rollback	102
Specifying a configuration file for the next startup	103
Backing up the next-startup configuration file to a TFTP server	103
Deleting the next-startup configuration file	103
Restoring the next-startup configuration file from a TFTP server	104
Displaying and maintaining a configuration file	104
Upgrading software	106
Software upgrade methods	106
Upgrading BootWare	107
Upgrading the entire system software	107
Installing patches	108
Displaying and maintaining software upgrade	109
Software upgrade examples	109
Upgrading the entire system software	109
Network requirement	109
Configuration procedure	109
Installing patches	110
Network requirements	110
Configuration procedure	111
Managing the device	112
Configuring the device name	112
Changing the system time	112
Configuration guidelines	112
Configuration procedure	115
Enabling displaying the copyright statement	115
Configuring banners	116
Banner message input modes	116
Configuration procedure	117
Configuring the exception handling method	117
Rebooting the device	117
Rebooting devices immediately at the CLI	118
Scheduling a device reboot	118
Scheduling jobs	119
Job configuration approaches	119
Configuration guidelines	119
Scheduling a job in the non-modular approach	120
Scheduling a job in the modular approach	120
Configuring the port status detection timer	121
Clearing unused 16-bit interface indexes	121
Verifying and diagnosing transceiver modules	122
Verifying transceiver modules	122
Diagnosing transceiver modules	122
Displaying and maintaining device management	122
Automatic configuration	125
Typical application scenario	125
How automatic configuration works	126
Automatic configuration work flow	126
Using DHCP to obtain an IP address and other configuration information	127
Address acquisition process	127
Principles for selecting an address pool on the DHCP server	127
Obtaining the configuration file from the TFTP server	128
Obtaining the configuration file	129
TFTP request sending mode	129
Executing the configuration file	130
Support and other resources	131
Contacting HP	131
Subscription service	131
Related information	131
Documents	131
Websites	131
Conventions	132
Command conventions	132
GUI conventions	132
Symbols	132
Network topology icons	133
Port numbering in examples	133

Match case Limit results 1 per page

# Configure a PKI entity, configure the common name of the entity as

http-server1

, and the FQDN

of the entity as

ssl.security.com

<Device> system-view

[Device] pki entity en

[Device-pki-entity-en] common-name http-server1

[Device-pki-entity-en] fqdn ssl.security.com

[Device-pki-entity-en] quit

# Create a PKI domain, specify the trusted CA as

new-ca

, the URL of the server for certificate

request as

http://10.1.2.2/certsrv/mscep/mscep.dll

, authority for certificate request as

, and

the entity for certificate request as

[Device] pki domain 1

[Device-pki-domain-1] ca identifier new-ca

[Device-pki-domain-1] certificate request url

http://10.1.2.2/certsrv/mscep/mscep.dll

[Device-pki-domain-1] certificate request from ra

[Device-pki-domain-1] certificate request entity en

[Device-pki-domain-1] quit

# Create RSA local key pairs.

[Device] public-key loc al create rsa

# Retrieve the CA certificate from the certificate issuing server.

[Device] pki retrieval-certificate ca domain 1

# Request a local certificate from a CA through SCEP for the device.

[Device] pki request-certificate domain 1

# Create an SSL server policy

myssl

, specify PKI domain 1 for the SSL server policy, and enable

certificate-based SSL client authentication.

[Device] ssl server-policy myssl

[Device-ssl-server-policy-myssl] pki-domain 1

[Device-ssl-server-policy-myssl] client-verify enable

[Device-ssl-server-policy-myssl] quit

# Create a certificate attribute group

mygroup1

, and configure a certificate attribute rule,

specifying that the distinguished name in the subject name includes the string of new-ca.

[Device] pki certificate attribute-group mygroup1

[Device-pki-cert-attribute-group-mygroup1] attribute 1 issuer-name dn ctn new-ca

[Device-pki-cert-attribute-group-mygroup1] quit

# Create a certificate attribute-based access control policy

myacp

. Configure a certificate

attribute-based access control rule, specifying that a certificate is considered valid when it matches

an attribute rule in certificate attribute group

myacp

[Device] pki certificate access-control-policy myacp

[Device-pki-cert-acp-myacp] rule 1 permit mygroup1

[Device-pki-cert-acp-myacp] quit

# Associate the HTTPS service with SSL server policy

myssl

[Device] ip https ssl-server-policy myssl

# Associate the HTTPS service with certificate attribute-based access control policy

myacp

[Device] ip https certificate access-control-policy myacp

# Enable the HTTPS service.

[Device] ip https enable

HP 6125G HP 6125G &amp; 6125G/XG Blade Switches Fundamentals Configuration - Page 66

Create a certificate attribute group, and con a certificate attribute rule

Page 66 highlights

HP 6125G HP 6125G & 6125G/XG Blade Switches Fundamentals Configuration - Page 66