R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101
• Modify the certificate service attributes
From the start menu, select Control Panel > Administrative Tools > Certificate Authority. If the CA server
and SCEP add-on have been installed successfully, there should be two certificates issued by the CA to
the RA. Right-click on the CA server in the navigation tree and select Properties > Policy Module. Click
Properties and then select "Follow the settings in the certificate template, if applicable. Otherwise,
automatically issue the certificate."
• Modify the Internet Information Services (IIS) attributes
From the start menu, select Control Panel > Administrative Tools > Internet Information Services (IIS)
Manager and then select Web Sites from the navigation tree. Right-click on Default Web Site and select
Properties > Home Directory. Specify the path for the certificate service in the Local path text box. In addition,
it is recommended that you specify an available port number as the TCP port number of the default website
to avoid conflict with existing services.
After completing the above configuration, check that the system clock of the LB module is synchronized with
that of the CA server, so that the LB module can request a certificate normally.
3. Configure the LB module
• Configure the entity DN
# Configure the entity name as aaa and the common name as LB.
<LB> system-view
[LB] pki entity aaa
[LB-pki-entity-aaa] common-name LB
[LB-pki-entity-aaa] quit
• Configure the PKI domain
# Create PKI domain torsa and enter its view.
[LB] pki domain torsa
# Configure the name of the trusted CA as myca.
[LB-pki-domain-torsa] ca identifier myca
# Configure the URL of the registration server in the format of http://host:port/certsrv/mscep/mscep.dll,
where host:port indicates the IP address and port number of the CA server.
[LB-pki-domain-torsa] certificate request url http://4.4.4.1:8080/certsrv/mscep/mscep.dll
# Set the registration authority to RA.
[LB-pki-domain-torsa] certificate request from ra
# Specify the entity for certificate request as aaa.
[LB-pki-domain-torsa] certificate request entity aaa
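A consistency check for the entity and PKI domain settings above, as an added example that is not part of the HP guide. The functions `parse` and `audit`, the finding texts and the embedded transcript are constructed for illustration, and the check assumes CLI prompts of the form shown in this section.

```python
import re
from urllib.parse import urlparse
# Constructed sample: the entity and PKI domain commands from this section.
SAMPLE = """\
[LB] pki entity aaa
[LB-pki-entity-aaa] common-name LB
[LB-pki-entity-aaa] quit
[LB] pki domain torsa
[LB-pki-domain-torsa] ca identifier myca
[LB-pki-domain-torsa] certificate request url http://4.4.4.1:8080/certsrv/mscep/mscep.dll
[LB-pki-domain-torsa] certificate request from ra
[LB-pki-domain-torsa] certificate request entity aaa
"""
# The prompt names the view, e.g. [LB-pki-domain-torsa] is PKI domain "torsa".
VIEW = re.compile(r"^\[.+?-pki-(entity|domain)-(.+?)\]\s+(.+)$")
SCEP_PATH = "/certsrv/mscep/mscep.dll"

def parse(transcript):
    """Group sub-view commands by PKI entity and PKI domain name."""
    cfg = {"entity": {}, "domain": {}}
    for line in transcript.splitlines():
        m = VIEW.match(line.strip())
        if not m:
            continue  # comments, other views, command output
        kind, name, cmd = m.groups()
        settings = cfg[kind].setdefault(name, {})
        if cmd.strip() != "quit":
            key, _, value = cmd.strip().rpartition(" ")
            settings[key] = value  # last token is the value
    return cfg

def audit(transcript):
    """Return a list of findings; an empty list means every check passed."""
    cfg, findings = parse(transcript), []
    for name, d in cfg["domain"].items():
        if "ca identifier" not in d:
            findings.append(f"{name}: no trusted CA identifier")
        url = urlparse(d.get("certificate request url", ""))
        try:
            port = url.port  # raises ValueError on a non-numeric port
        except ValueError:
            port = None
        if url.scheme != "http" or not url.hostname or not port or url.path != SCEP_PATH:
            findings.append(f"{name}: registration URL is not http://host:port{SCEP_PATH}")
        if d.get("certificate request from") != "ra":
            findings.append(f"{name}: enrollment is not directed at the RA")
        entity = d.get("certificate request entity")
        if entity not in cfg["entity"]:
            findings.append(f"{name}: entity {entity!r} is not defined")
    return findings
```

Running `audit` over a saved session transcript before requesting the certificate catches a URL that was wrapped or pasted with a stray space, and a domain that references an entity name that was never created.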
• Generate a local key pair using RSA
[LB] public-key local create rsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Press CTRL+C to abort.
Input the bits in the modulus [default = 1024]:
Generating Keys...
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++