HP 6125G HP 6125G & 6125G/XG Blade Switches Fundamentals Configuration - Page 66
Create a certificate attribute group, and con a certificate attribute rule
View all HP 6125G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 66 highlights
# Configure a PKI entity, configure the common name of the entity as http-server1, and the FQDN of the entity as ssl.security.com. system-view [Device] pki entity en [Device-pki-entity-en] common-name http-server1 [Device-pki-entity-en] fqdn ssl.security.com [Device-pki-entity-en] quit # Create a PKI domain, specify the trusted CA as new-ca, the URL of the server for certificate request as http://10.1.2.2/certsrv/mscep/mscep.dll, authority for certificate request as RA, and the entity for certificate request as en. [Device] pki domain 1 [Device-pki-domain-1] ca identifier new-ca [Device-pki-domain-1] certificate request url http://10.1.2.2/certsrv/mscep/mscep.dll [Device-pki-domain-1] certificate request from ra [Device-pki-domain-1] certificate request entity en [Device-pki-domain-1] quit # Create RSA local key pairs. [Device] public-key loc al create rsa # Retrieve the CA certificate from the certificate issuing server. [Device] pki retrieval-certificate ca domain 1 # Request a local certificate from a CA through SCEP for the device. [Device] pki request-certificate domain 1 # Create an SSL server policy myssl, specify PKI domain 1 for the SSL server policy, and enable certificate-based SSL client authentication. [Device] ssl server-policy myssl [Device-ssl-server-policy-myssl] pki-domain 1 [Device-ssl-server-policy-myssl] client-verify enable [Device-ssl-server-policy-myssl] quit # Create a certificate attribute group mygroup1, and configure a certificate attribute rule, specifying that the distinguished name in the subject name includes the string of new-ca. [Device] pki certificate attribute-group mygroup1 [Device-pki-cert-attribute-group-mygroup1] attribute 1 issuer-name dn ctn new-ca [Device-pki-cert-attribute-group-mygroup1] quit # Create a certificate attribute-based access control policy myacp. Configure a certificate attribute-based access control rule, specifying that a certificate is considered valid when it matches an attribute rule in certificate attribute group myacp. [Device] pki certificate access-control-policy myacp [Device-pki-cert-acp-myacp] rule 1 permit mygroup1 [Device-pki-cert-acp-myacp] quit # Associate the HTTPS service with SSL server policy myssl. [Device] ip https ssl-server-policy myssl # Associate the HTTPS service with certificate attribute-based access control policy myacp. [Device] ip https certificate access-control-policy myacp # Enable the HTTPS service. [Device] ip https enable 60