HP VPN Firewall Appliances VPN Command Reference

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

151

152

153

154

155

156

157

158

159

160

144

Views

PKI domain view

Default command level

2: System level

Parameters

md5: Uses an MD5 fingerprint.

sha1: Uses a SHA1 fingerprint.

string: Fingerprint to be used. An MD5 fingerprint must be a string of 32 characters in hexadecimal. A

SHA1 fingerprint must be a string of 40 characters in hexadecimal.

Examples

# Configure an MD5 fingerprint for verifying the validity of the CA root certificate.

<Sysname> system-view

[Sysname] pki domain 1

[Sysname-pki-domain-1] root-certificate fingerprint md5

12EF53FA355CD23E12EF53FA355CD23E

# Configure a SHA1 fingerprint for verifying the validity of the CA root certificate.

[Sysname-pki-domain-1] root-certificate fingerprint sha1

D1526110AAD7527FB093ED7FC037B0B3CDDDAD93

rule (PKI CERT ACP view)

Use rule to create a certificate attribute access control rule.

Use undo rule to delete one or all access control rules.

Syntax

rule [ id ] { deny | permit } group-name

undo rule { id | all }

Default

No access control rule exists.

Views

PKI certificate access control policy view

Default command level

2: System level

Parameters

id: Number of the certificate attribute access control rule, in the range of 1 to 16. The default is the

smallest unused number in this range.

deny: Indicates that a certificate whose attributes match an attribute rule in the specified attribute group

is considered invalid and denied.

permit: Indicates that a certificate whose attributes match an attribute rule in the specified attribute group

is considered valid and permitted.