R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101
NOTE:
The preceding configuration procedure covers only the configurations for IKE negotiation using RSA
digital signature. For an IPsec tunnel to be established, you also need to perform IPsec configurations.
For information about IPsec configuration, see "Configuring IPsec."
Configuring PKI at the CLI
PKI configuration task list
Task                                                   Remarks
Configuring an entity DN                               Required.
Configuring a PKI domain                               Required.
Submitting a PKI certificate request:                  Required. Use either approach.
  Submitting a certificate request in auto mode
  Submitting a certificate request in manual mode
Retrieving a certificate manually                      Optional.
Configuring PKI certificate verification               Optional.
Destroying a local RSA key pair                        Optional.
Deleting a certificate                                 Optional.
Configuring an access control policy                   Optional.
Configuring an entity DN
A certificate is the binding of a public key and the identity information of an entity, where the identity
information is identified by an entity distinguished name (DN). A CA identifies a certificate applicant
uniquely by entity DN.
An entity DN is defined by these parameters:
• Common name of the entity.
• Country code of the entity, a standard 2-character code. For example, CN represents China and US
represents the United States.
• Fully qualified domain name (FQDN) of the entity, a unique identifier of an entity on the network.
It consists of a host name and a domain name and can be resolved to an IP address. For example,
www.whatever.com is an FQDN, where www is a host name and whatever.com a domain name.
• IP address of the entity.
• Locality where the entity resides.
• Organization to which the entity belongs.
• Unit of the entity in the organization.
• State where the entity resides.