F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices VPN Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

311

312

313

314

315

316

317

318

319

320

303

After completing the configuration, perform CRL related configurations. In this example, select the

local CRL distribution mode of HTTP and set the HTTP URL to http://4.4.4.133:447/myca.crl.

After the configuration, make sure the system clock of the firewall is synchronous to that of the CA, so that

the firewall can request certificates and retrieve CRLs properly.

531BConfiguring the firewall

1. Configure the entity name as aaa and the common name as firewall:

<Firewall> system-view

[Firewall] pki entity aaa

[Firewall-pki-entity-aaa] common-name Firewall

[Firewall-pki-entity-aaa] quit

2. Configure the PKI domain:

# Create PKI domain torsa and enter its view.

[Firewall] pki domain torsa

# Configure the name of the trusted CA as myca.

[Firewall-pki-domain-torsa] ca identifier myca

# Configure the URL of the registration server in the format of http://host:port/Issuing Jurisdiction

ID, where Issuing Jurisdiction ID is a hexadecimal string generated on the CA server.

[Firewall-pki-domain-torsa] certificate request url

http://4.4.4.133:446/c95e970f632d27be5e8cbf80e971d9c4a9a93337

# Set the registration authority to CA.

[Firewall-pki-domain-torsa] certificate request from ca

# Specify the entity for certificate request as aaa.

[Firewall-pki-domain-torsa] certificate request entity aaa

# Configure the URL for the CRL distribution point.

[Firewall-pki-domain-torsa] crl url http://4.4.4.133:447/myca.crl

[Firewall-pki-domain-torsa] quit

3. Generate a local key pair using RSA.

[Firewall] public-key local create rsa

The range of public key size is (512 ~ 2048).

NOTES: If the key modulus is greater than 512,

It will take a few minutes.

Press CTRL+C to abort.

Input the bits in the modulus [default = 1024]:

Generating Keys...

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

++++++++++++++++++++++++++++++++++++++

+++++++++++++++++++++++++++++++++++++++++++++++

+++++++++++++++++++++++

4. Apply for certificates:

# Retrieve the CA certificate and save it locally.

[Firewall] pki retrieval-certificate ca domain torsa

Retrieving CA/RA certificates. Please wait a while......

The trusted CA's finger print is:

MD5 fingerprint:EDE9 0394 A273 B61A F1B3 0072 A0B1 F9AB