Manualshelf

R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
141142143144145146147148149150
136
Item Descri
p
tion
Enable CRL
Checking
Select this box to specify that CRL checking is required during certificate verification.
CRL Update Period
Type the CRL update period, that is, the interval at which the PKI entity downloads the
latest CRLs.
This item is available when the Enable CRL Checking check box is selected.
By default, the CRL update period depends on the next update field in the CRL file.
CRL URL
Type the URL of the CRL distribution point.
This item is available when the Enable CRL Checking check box is selected.
When the URL of the CRL distribution point is not set, you should acquire the CA
certificate and a local certificate, and then acquire a CRL through SCEP.
IMPORTANT:
This item does not support domain name resolution.
Return to Configuration task list for requesting a certificate manually.
Return to Configuration task list for requesting a certificate automatically.
Generating an RSA key pair
Select VPN > PKI > Certificate from the navigation tree to display existing PKI certificates, as shown
in Figure 76. C
lick Create Key to enter the RSA key pair generation page, as shown in Figure 77.
Figure 76 Certificate list
Figure 77 RSA key pair generation page
Table 32 Configuration items for generating an RSA key pair
Item Descri
p
tion
Key Length
Type the length of the RSA keys.