Access Security Guide K/KA/KB.15.15

Certificate:
Data:
Version: 3 (0x2)
Serial Number: 10B7D4E3 00010000 0086
Issuer:
emailAddress=myca@aabbcc.net
C=CN
ST=Country A
L=City X
O=abc
OU=bjs
CN=new-ca
Validity
Not Before: Jan 13 08:57:21 2004 GMT
Not After : Jan 20 09:07:21 2005 GMT
Subject:
C=CN
ST=Country B
L=City Y
CN=PKI test
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00D41D1F
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS: hyf.xxyyzz.net
X509v3 CRL Distribution Points: URI:http://1.1.1.1:447/myca.crl
Signature Algorithm: md5WithRSAEncryption
A3A5A447 4D08387D
All data needed to display the certificate as shown above comes from the certificate itself, so it is always available.
NOTE: The X509 extension display values will change depending on what extensions are present
in the certificate. When no extensions are present, the “X509v3 extensions:” line is not present.
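An added example, not from the guide or the switch software: Python that parses text in the Certificate Detail layout shown above, tolerates an absent “X509v3 extensions:” line, and reports weak parameters. The thresholds in MIN_RSA_BITS and WEAK_DIGESTS, the DNS SAN requirement and the function names are assumptions; the sample text is constructed.

```python
import re
from datetime import datetime, timezone

# Constructed sample in the Certificate Detail layout above (abbreviated).
SAMPLE = """\
Certificate:
Validity
Not Before: Jan 13 08:57:21 2004 GMT
Not After : Jan 20 09:07:21 2005 GMT
RSA Public Key: (512 bit)
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS: hyf.xxyyzz.net
Signature Algorithm: md5WithRSAEncryption
"""

MIN_RSA_BITS = 2048             # assumed policy threshold, not from the guide
WEAK_DIGESTS = ("md5", "sha1")  # assumed policy list, not from the guide

def _grab(pattern, text):
    m = re.search(pattern, text, re.MULTILINE)
    return m.group(1).strip() if m else None

def parse_detail(text):
    """Pull the policy-relevant fields out of the display text."""
    bits = _grab(r"^\s*RSA Public Key:\s*\((\d+) bit\)", text)
    end = _grab(r"^\s*Not After\s*:\s*(.+?)\s*GMT\s*$", text)
    if end:
        end = datetime.strptime(end, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)
    return {
        "rsa_bits": int(bits) if bits else None,
        "sig_alg": _grab(r"^\s*Signature Algorithm:\s*(\S+)", text),
        "not_after": end,
        # The header line is absent when the certificate carries no extensions.
        "has_extensions": any(l.strip() == "X509v3 extensions:" for l in text.splitlines()),
        "san_dns": re.findall(r"^\s*DNS:\s*(\S+)", text, re.MULTILINE),
    }

def audit(cert, now):
    findings = []
    if cert["rsa_bits"] is not None and cert["rsa_bits"] < MIN_RSA_BITS:
        findings.append(f"RSA key is {cert['rsa_bits']} bits")
    if (cert["sig_alg"] or "").lower().startswith(WEAK_DIGESTS):
        findings.append(f"weak signature digest: {cert['sig_alg']}")
    if cert["not_after"] and cert["not_after"] < now:
        findings.append(f"expired {cert['not_after']:%Y-%m-%d}")
    if not cert["san_dns"]:  # assumed policy: require a DNS SAN
        findings.append("no DNS subject alternative name")
    return findings
```

Call `audit(parse_detail(text), datetime.now(timezone.utc))` on captured display text to get the list of findings.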
Web support
The current security—SSL page configures Web UI SSL servers only. The following are requirements
for a web UI design:
• The web UI implicitly uses a TA profile named “default”. If the TA certificate installed on the
switch is associated with a profile of another name, the TA certificate is read-only to the web
UI. See “Trust anchor profile” (page 505).
• The web UI supports local certificate enrollment with an implicit usage of ‘web’. See “Local
certificate enrollment – manual mode” (page 506).
• The web UI supports self-signed local certificate enrollment with an implicit usage of ‘web’.
See “Local certificate enrollment – manual mode” (page 506).
• The web UI shows the TA certificate and the configured SSL server certificate with ‘web’ usage
with any intermediate certificates in the chain. The display will match the Certificate Detail
format as described in “Show profile specific” (page 515).
• The web UI must be able to replace an SSL server certificate (as it currently does).
• The web UI does not need to provide ‘zeroization’ of any certificates. See “Zeroization”
(page 511).