R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101

104

Figure 100 Apply RSA digital signature in IKE negotiation

2. Configure LB A

# Configure the entity DN.

<LB A> system-view

[LB A] pki entity en

[LB A-pki-entity-en] ip 2.2.2.1

[LB A-pki-entity-en] common-name LB A

[LB A-pki-entity-en] quit

# Configure the PKI domain. Note that the URL of the registration server varies with the CA server.

[LB A] pki domain 1

[LB A-pki-domain-1] ca identifier CA1

[LB A-pki-domain-1] certificate request url http://1.1.1.100/certsrv/mscep/mscep.dll

[LB A-pki-domain-1] certificate request entity en

[LB A-pki-domain-1] ldap-server ip 1.1.1.102

# Set the registration authority to RA.

[LB A-pki-domain-1] certificate request from ra

# Configure the CRL distribution URL. This is not necessary if CRL checking is disabled.

[LB A-pki-domain-1] crl url ldap://1.1.1.102

[LB A-pki-domain-1] quit

# Create a local key pair using RSA.

[LB A] public-key local create rsa

# Request a certificate.