HP VPN Firewall Appliances Network Management Configuration Guide

[Firewall-pki-entity-en] fqdn ssl.security.com
[Firewall-pki-entity-en] quit
# Create PKI domain 1, specify the trusted CA as ca server, the URL of the registration server as
http://10.1.2.2/certsrv/mscep/mscep.dll, the authority for certificate request as RA, and the
entity for certificate request as en.
[Firewall] pki domain 1
[Firewall-pki-domain-1] ca identifier ca server
[Firewall-pki-domain-1] certificate request url http://10.1.2.2/certsrv/mscep/mscep.dll
[Firewall-pki-domain-1] certificate request from ra
[Firewall-pki-domain-1] certificate request entity en
[Firewall-pki-domain-1] quit
# Create the local RSA key pairs.
[Firewall] public-key local create rsa
# Retrieve the CA certificate.
[Firewall] pki retrieval-certificate ca domain 1
# Request a local certificate for the firewall.
[Firewall] pki request-certificate domain 1
# Create an SSL server policy named myssl.
[Firewall] ssl server-policy myssl
# Specify the SSL server policy to use PKI domain 1.
[Firewall-ssl-server-policy-myssl] pki-domain 1
# Enable client authentication.
[Firewall-ssl-server-policy-myssl] client-verify enable
[Firewall-ssl-server-policy-myssl] quit
# Configure HTTPS to use SSL server policy myssl.
[Firewall] ip https ssl-server-policy myssl
# Enable the HTTPS server.
[Firewall] ip https enable
# Create a local user named usera, and set the password to 123 and service type to web.
[Firewall] local-user usera
[Firewall-luser-usera] password simple 123
[Firewall-luser-usera] service-type web
2. Configure the HTTPS client on the host:
Launch IE on the host, enter http://10.1.2.2/certsrv in the address bar, and request a certificate
for the host as prompted.
3. Verify the configuration:
Launch IE on the host, enter https://10.1.1.1 in the address bar and select the certificate issued by
the CA server. The login page of the firewall appears. After you enter the username usera and the
password 123, the Web interface of the firewall appears.
For more information about PKI commands and the public-key local create rsa command, see VPN
Command Reference. For more information about HTTPS, see Getting Started Guide.
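
The verification step above can also be checked without a browser. The following is an added example, not part of the HP guide: it classifies a saved `openssl s_client` transcript to show whether the HTTPS server asked for a client certificate, which is what client-verify enable should cause. The transcript file name, the sample transcripts and the CA subject name in them are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the HP guide). Capture a transcript first, e.g.:
#   openssl s_client -connect 10.1.1.1:443 </dev/null >transcript.txt 2>&1
# then run: client_verify_state <transcript.txt

# Print the CA subject names the server listed in its certificate request.
requested_ca_names() {
    awk '
        /^Acceptable client certificate CA names/ { grab = 1; next }
        /^(---|Client Certificate Types|Requested Signature Algorithms)/ { grab = 0 }
        grab && NF { print }'
}

# Classify a transcript read from stdin:
#   requested    server asked for a client certificate and named its CAs
#   no-ca-names  no CA list was sent; typical when client-verify is not enabled
#   incomplete   the handshake did not get far enough to tell
client_verify_state() {
    awk '
        /^Acceptable client certificate CA names/ { grab = 1; next }
        /^(---|Client Certificate Types|Requested Signature Algorithms)/ { grab = 0 }
        /^No client certificate CA names sent/ { none = 1 }
        grab && NF { n++ }
        END {
            if (n > 0)     print "requested"
            else if (none) print "no-ca-names"
            else           print "incomplete"
        }'
}

# Constructed sample transcripts (the CA subject name is an assumption).
SAMPLE_ENFORCED='CONNECTED(00000003)
---
Acceptable client certificate CA names
CN = ca server
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
---
SSL handshake has read 1500 bytes and written 400 bytes'

SAMPLE_OPEN='CONNECTED(00000003)
---
No client certificate CA names sent
---
SSL handshake has read 1200 bytes and written 380 bytes'

printf '%s\n' "$SAMPLE_ENFORCED" | client_verify_state
printf '%s\n' "$SAMPLE_OPEN" | client_verify_state
```

Compare the output of requested_ca_names with the subject of the CA certificate retrieved into PKI domain 1; a mismatch means the host's certificate will not be accepted.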