Manualshelf

User's Manual

ManualsBrandsHP ManualsSwitchHP 1920-24G-PoE+ (370W) Switch
411412413414415416417418419420
399
Field Descri
p
tion
Last Update Last update time.
Next Update Next update time.
X509v3 CRL Number CRL sequence number
X509v3 Authority Key Identifier
Identifier of the CA that issued the certificate and the certificate version
(X509v3).
keyid
Pubic key identifier.
A CA might have multiple key pairs, and this field identifies which key
pair is used for the CRL signature.
No Revoked Certificates. No certificates are revoked.
PKI configuration example
Network requirements
As shown in Figure 381, configure the switch working as the PKI entity, so that:
The switch submits a local certificate request to the CA server, which runs the RSA Keon software.
The switch retrieves CRLs for certificate verification.
Figure 381 Network diagram
Configuring the CA server
1. Create a CA server named myca:
In this example, first configure the basic attributes of Nickname and Subject DN on the CA server:
the nickname is the name of the trusted CA, and the subject DN is the DN attributes of the CA,
including the common name, organization unit, organization, and country. Leave the default
values of the other attributes.
2. Configure extended attributes:
After configuring the basic attributes, configure the parameters on the Jurisdiction Configuration
page of the CA server. This includes selecting the proper extension profiles, enabling the SCEP
autovetting function, and adding the IP address list for SCEP autovetting.
3. Configure the CRL publishing behavior:
After completing the configuration, perform CRL related configurations.
In this example, select the local CRL publishing mode of HTTP and set the HTTP URL to
http://4.4.4.133:447/myca.crl.
After the configuration, make sure the system clock of the switch is synchronous to that of the CA,
so that the switch can request certificates and retrieve CRLs properly.