F3215-HP Load Balancing Module Security Configuration Guide-6PW101
Figure 41 Network diagram
Configuration considerations
To achieve the goal, perform the following configurations:
• Configure LB module to work as the HTTPS server and request a certificate for LB module.
• Request a certificate for Host so LB module can authenticate the identity of Host.
• Configure a CA server to issue certificates to LB module and Host.
Configuration procedure
In this example, the CA server runs Windows Server and has the SCEP plug-in installed.
Before performing the following configurations, make sure LB module, the host, and the CA server can reach each other.
1. Configure the HTTPS server on LB:
# Create a PKI entity named en, and configure the common name as http-server1 and the FQDN as ssl.security.com.
<LB> system-view
[LB] pki entity en
[LB-pki-entity-en] common-name http-server1
[LB-pki-entity-en] fqdn ssl.security.com
[LB-pki-entity-en] quit
# Create PKI domain 1, specify the trusted CA as ca server, the URL of the registration server as http://10.1.2.2/certsrv/mscep/mscep.dll, the authority for certificate request as RA, and the entity for certificate request as en.
[LB] pki domain 1
[LB-pki-domain-1] ca identifier ca server
[LB-pki-domain-1] certificate request url http://10.1.2.2/certsrv/mscep/mscep.dll
[LB-pki-domain-1] certificate request from ra
[LB-pki-domain-1] certificate request entity en
[LB-pki-domain-1] quit
# Create the local RSA key pairs.
[LB] public-key local create rsa
# Retrieve the CA certificate.
[LB] pki retrieval-certificate ca domain 1
# Request a local certificate for LB module.
[LB] pki request-certificate domain 1
# Create an SSL server policy named myssl.
[LB] ssl server-policy myssl