R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101
Follow these steps to display or export the local RSA or DSA host public key:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Display the local RSA host public key on the screen in a specified format, or export it to a specified file | public-key local export rsa { openssh \| ssh1 \| ssh2 } [ filename ] | Select a command according to the type of the key to be exported. |
| Display the local DSA host public key on the screen in a specified format, or export it to a specified file | public-key local export dsa { openssh \| ssh2 } [ filename ] | Select a command according to the type of the key to be exported. |
Destroying an asymmetric key pair
An asymmetric key pair may expire or leak. In this case, you need to destroy it and generate a new pair.
Follow these steps to destroy an asymmetric key pair:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Destroy an asymmetric key pair | public-key local destroy { dsa \| rsa } | Required |
Configuring the public key of a peer
To authenticate the remote host, you need to configure the RSA or DSA public key of that peer on the local
host.
To configure the public key of the peer, you can:
• Configure it manually: You can type or copy the public key of the peer to the local host.
• Import it from the public key file: The system automatically converts the public key to a string coded
using the PKCS (Public Key Cryptography Standards). Before importing the public key, you must
upload the peer's public key file (in binary) to the local host through FTP or TFTP.
NOTE:
• If you choose to input the public key, the public key must be in the correct format. The key data displayed
by the display public-key local public command meets the format requirements. A public key displayed
by other methods may not meet the format requirements, and a key in a noncompliant format
cannot be saved. HP recommends that you configure the public key of the peer by
importing it from a public key file.
• The device supports up to 20 host public keys of peers.
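FTP and TFTP do not protect a file's integrity in transit, so it is worth checking an exported key file against a fingerprint obtained from the peer out of band before importing it. The Python sketch below is an added example, not part of the HP guide: it assumes the file is in the one-line OpenSSH format produced by the openssh export option, and the function names and the sample key (a constructed placeholder, not a real key) are hypothetical.

```python
import base64
import hashlib
import struct

def _read_string(buf, off):
    """Read one SSH wire-format field (uint32 length + bytes); return (data, next_offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:end], end

def inspect_openssh_pubkey(line):
    """Parse 'ssh-rsa <base64> [comment]'; return (key_type, rsa_bits, sha256_fingerprint)."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(parts[1], validate=True)
    ktype, off = _read_string(blob, 0)
    # The text label must agree with the type encoded inside the key blob.
    if ktype.decode("ascii") != parts[0]:
        raise ValueError("key type label does not match key blob")
    bits = None
    if parts[0] == "ssh-rsa":
        _e, off = _read_string(blob, off)   # public exponent
        n, off = _read_string(blob, off)    # modulus
        bits = int.from_bytes(n, "big").bit_length()
    digest = hashlib.sha256(blob).digest()
    fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return parts[0], bits, fp

def _mpint(v):
    # SSH mpint: big-endian, with a leading zero byte when the top bit would be set.
    raw = v.to_bytes(v.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

def make_sample_line(bits=2048):
    """Constructed sample only: the 'modulus' is an arbitrary odd number of the given size."""
    n = (1 << (bits - 1)) | 1
    blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537) + _mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"

if __name__ == "__main__":
    # Compare the printed fingerprint with the value the peer's administrator reports.
    print(*inspect_openssh_pubkey(make_sample_line()))
```

The fingerprint uses the same SHA256 notation that OpenSSH's ssh-keygen -l prints, so either side can produce the reference value with that tool.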
Follow these steps to configure the public key of a peer manually:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter public key view | public-key peer keyname | — |
| Enter public key code view | public-key-code begin | — |