R3303-HP HSR6800 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR68xx Configure-to-Order Router Solution

231

232

233

234

235

236

237

238

239

240

221

Task Remarks

Manually requesting a

certificate

Use either method.

Obtaining certificates Optional.

Verifying PKI certificates Optional.

Destroying the local RSA key pair Optional.

Removing a certificate Optional.

Configuring an access control policy Optional.

Configuring a PKI entity

A certificate is the binding of a public key and the identity information of an entity, where the identity

information is identified by an entity distinguished name (DN). A CA identifies a certificate applicant

uniquely by entity DN.

An entity DN is defined by these parameters:

• Common name of the entity.

• Country code of the entity, a standard 2-character code. For example, CN represents China and US

represents the United States.

• FQDN of the entity, a unique identifier of an entity on the network. It consists of a host name and

a domain name and can be resolved to an IP address. For example,

www.whatever.com is an

FQDN, where www is a host name and whatever.com a domain name.

• IP address of the entity.

• Locality where the entity resides.

• Organization to which the entity belongs.

• Unit of the entity in the organization.

• State where the entity resides.

The configuration of an entity DN must comply with the CA certificate issue policy. You need to determine,

for example, which entity DN parameters are mandatory and which are optional. Otherwise, certificate

requests might be rejected.

To configure a PKI entity:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Create an entity and enter its

view.

pki entity entity-name

No entity exists by default.

You can create up to two entities

on a device.

3. Configure the common name

for the entity.

common-name name

Optional.

No common name is specified by

default.