R3166-R3206-HP High-End Firewalls VPN Configuration Guide-6PW101
Key algorithm types ... 120
Asymmetric key algorithm applications ... 120
Configuring the local asymmetric key pair ... 121
Creating an asymmetric key pair ... 121
Displaying or exporting the local RSA or DSA host public key ... 121
Destroying an asymmetric key pair ... 122
Configuring the public key of a peer ... 122
Displaying and maintaining public keys ... 123
Public key configuration examples ... 123
Configuring the public key of a peer manually ... 123
Importing the public key of a peer from a public key file ... 125
PKI configuration ... 128
PKI overview ... 128
PKI terms ... 128
Architecture of PKI ... 128
Applications of PKI ... 129
Operation of PKI ... 130
Configuring PKI in the web interface ... 130
Configuration task list ... 130
Creating a PKI entity ... 133
Creating a PKI domain ... 134
Generating an RSA key pair ... 136
Destroying the RSA key pair ... 137
Retrieving a certificate ... 137
Requesting a local certificate ... 138
Retrieving and displaying a CRL ... 139
PKI configuration examples ... 140
Configuring PKI in the CLI ... 145
Complete the following tasks to configure PKI: ... 145
Configuring an entity DN ... 146
Configuring a PKI domain ... 147
Submitting a PKI certificate request ... 148
Retrieving a certificate manually ... 150
Configuring PKI certificate verification ... 151
Configuring CRL-checking-enabled PKI certificate verification ... 151
Destroying a local RSA or DSA key pair ... 152
Deleting a certificate ... 152
Configuring an access control policy ... 153
Displaying and maintaining PKI ... 153
PKI configuration examples ... 154
Configuration guidelines ... 164
Support and other resources ... 165
Contacting HP ... 165
Subscription service ... 165
Related information ... 165
Documents ... 165
Websites ... 165
Conventions ... 166
Index ... 168