R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101
Configuring an entity DN ··· 89
Configuring a PKI domain ··· 91
Submitting a PKI certificate request ··· 92
Submitting a certificate request in manual mode ··· 93
Retrieving a certificate manually ··· 94
Configuring PKI certificate verification ··· 94
Destroying a local RSA key pair ··· 95
Deleting a certificate ··· 96
Configuring an access control policy ··· 96
Displaying and maintaining PKI ··· 96
PKI configuration examples ··· 97
Troubleshooting PKI ··· 107
Failed to retrieve a CA certificate ··· 107
Failed to request a Local certificate ··· 108
Failed to retrieve CRLs ··· 108
Configuration guidelines ··· 109
Public key configuration ··· 110
Overview ··· 110
Public key configuration task list ··· 111
Configuring a local asymmetric key pair on the local device ··· 111
Creating a local asymmetric key pair ··· 111
Displaying or exporting the local host public key ··· 112
Destroying a local asymmetric key pair ··· 113
Specifying the peer public key on the local device ··· 113
Displaying and maintaining public keys ··· 114
Public key configuration examples ··· 114
Manually specifying the peer public key on the local device ··· 114
Importing a public key from a public key file ··· 116
SSL configuration ··· 119
SSL overview ··· 119
SSL security mechanism ··· 119
SSL protocol stack ··· 120
SSL configuration task list ··· 120
Configuring an SSL server policy ··· 121
Configuration prerequisites ··· 121
Configuration procedure ··· 121
SSL server policy configuration example ··· 122
Configuring an SSL client policy ··· 124
Configuration prerequisites ··· 124
Configuration procedure ··· 124
Displaying and maintaining SSL ··· 125
Troubleshooting SSL ··· 125
AAA configuration ··· 126
AAA overview ··· 126
RADIUS ··· 127
Client/server model ··· 127
Security and authentication mechanisms ··· 127
Basic RADIUS message exchange process ··· 128
RADIUS packet format ··· 129
Extended RADIUS attributes ··· 131
Domain-based user management ··· 132
Protocols and standards ··· 133
AAA configuration considerations and task list ··· 133