F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100
b. Click Retrieve CRL corresponding to PKI domain 1.
7. Configure IKE proposal 1, using RSA signature for identity authentication:
a. From the navigation tree, select VPN > IKE > Proposal.
b. Click Add.
c. Enter 1 as the IKE proposal number, select RSA Signature as the authentication method, and
click Apply.
8. Configure an IKE peer and reference the configuration of the PKI domain for the IKE peer:
a. From the navigation tree, select VPN > IKE > Peer.
b. Click Add.
c. Enter peer as the peer name, select PKI Domain, select the PKI domain 1, and click Apply.
The preceding configuration procedure covers only the configurations for IKE negotiation using RSA
digital signature. For an IPsec tunnel to be established, you also need to perform IPsec configurations. For
information about IPsec configuration, see "Configuring IPsec."
Configuring PKI at the CLI
PKI configuration task list
Task                                            Remarks
Configuring an entity DN                        Required.
Configuring a PKI domain                        Required.
Requesting a PKI certificate:                   Required.
  Requesting a certificate in auto mode         Use either approach.
  Requesting a certificate in manual mode
Retrieving a certificate manually               Optional.
Verifying PKI certificates                      Optional.
Destroying the local RSA key pair               Optional.
Deleting a certificate                          Optional.
Configuring an access control policy            Optional.
Configuring an entity DN
A certificate is the binding of a public key and the identity information of an entity, where the identity
information is identified by an entity distinguished name (DN). A CA identifies a certificate applicant
uniquely by entity DN.
An entity DN is defined by these parameters:
• Common name of the entity.
• Country code of the entity, a standard 2-character code. For example, CN represents China and US
represents the United States.