R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101
[LB] pki certificate attribute-group mygroup2
[LB-pki-cert-attribute-group-mygroup2] attribute 1 alt-subject-name fqdn nctn apple
[LB-pki-cert-attribute-group-mygroup2] attribute 2 issuer-name dn ctn aabbcc
[LB-pki-cert-attribute-group-mygroup2] quit
4. Configure the certificate attribute-based access control policy
# Create certificate attribute-based access control policy myacp and add two access control rules.
[LB] pki certificate access-control-policy myacp
[LB-pki-cert-acp-myacp] rule 1 deny mygroup1
[LB-pki-cert-acp-myacp] rule 2 permit mygroup2
[LB-pki-cert-acp-myacp] quit
5. Apply the SSL server policy and certificate attribute-based access control policy to HTTPS service and enable HTTPS service.
# Apply SSL server policy myssl to HTTPS service.
[LB] ip https ssl-server-policy myssl
# Apply certificate attribute-based access control policy myacp to HTTPS service.
[LB] ip https certificate access-control-policy myacp
# Enable HTTPS service.
[LB] ip https enable
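The following Python model is an added example, not part of the original guide and not device code. It shows how policy myacp would decide on a client certificate. Assumptions: ctn means "contains" and nctn means "does not contain", a group matches only when all of its attribute rules match, rules are evaluated in ascending ID order with the first match deciding, and a certificate that matches no rule is rejected. mygroup1 is defined outside this section, so its rule here is a constructed stand-in, as are the sample certificates.

```python
# Added model of policy myacp (not device code). Assumed semantics: ctn = contains,
# nctn = does not contain; a group matches only when all its attribute rules match;
# rules run in ascending ID order and the first match decides; no match = rejected.

OPS = {
    "ctn": lambda values, text: any(text in v for v in values),
    "nctn": lambda values, text: not any(text in v for v in values),
}

GROUPS = {
    # mygroup1 is defined outside this section; this rule is a constructed stand-in.
    "mygroup1": [("subject-name", "dn", "ctn", "ou=blocked")],
    # mygroup2 as configured in this section.
    "mygroup2": [
        ("alt-subject-name", "fqdn", "nctn", "apple"),
        ("issuer-name", "dn", "ctn", "aabbcc"),
    ],
}
MYACP = [(1, "deny", "mygroup1"), (2, "permit", "mygroup2")]


def group_matches(cert, group):
    """True when the certificate satisfies every attribute rule in the group."""
    return all(
        OPS[op](cert.get((field, kind), []), text)
        for field, kind, op, text in GROUPS[group]
    )


def evaluate(cert, policy=MYACP, default="deny"):
    """Return (action, rule_id) of the first matching rule, or (default, None)."""
    for rule_id, action, group in sorted(policy):
        if group_matches(cert, group):
            return action, rule_id
    return default, None


def make_cert(subject, issuer, fqdns):
    """Constructed sample certificate, reduced to the fields the groups inspect."""
    return {("subject-name", "dn"): [subject], ("issuer-name", "dn"): [issuer],
            ("alt-subject-name", "fqdn"): list(fqdns)}


if __name__ == "__main__":
    ca = "cn=ca,o=aabbcc"
    for name, cert in {
        "staff": make_cert("cn=pc1,ou=staff", ca, ["pc1.example.com"]),
        "apple-san": make_cert("cn=pc2,ou=staff", ca, ["pc2.apple.example.com"]),
        "blocked": make_cert("cn=pc3,ou=blocked", ca, ["pc3.example.com"]),
    }.items():
        print(name, evaluate(cert))
```

Because rule 1 is evaluated before rule 2, a certificate that satisfies both groups is denied; verify the no-match behavior on the device before relying on the default assumed here.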
Troubleshooting PKI
Failed to retrieve a CA certificate
Symptom
Failed to retrieve a CA certificate.
Analysis
Possible reasons include:
• The network connection is faulty. For example, the network cable may be damaged or loose.
• No trusted CA is specified.
• The URL of the registration server for certificate request is not correct or not configured.
• No authority is specified for certificate request.
• The system clock of the LB module is not synchronized with that of the CA.
Solution
• Make sure that the physical network connection is sound.
• Check that the required commands are configured properly.
• Use the ping command to check that the RA server is reachable.
• Specify the authority for certificate request.
• Synchronize the system clock of the LB module with that of the CA.