HP e-Commerce / XML director server appliance sa8250 - Users Guide

CHAPTER 6 SA8250 Scenarios
Scenario 7: Using CRLs
The SA8250 can be configured to work with Client Revocation Lists
(CRLs). In this scenario, the SA8250 uses a CRL to validate that a
client certificate is not expired, meaning that it does not appear in the
CRL. For more information on CRLs, see Appendix B.
Prerequisites for Scenario 7
NOTE: Scenario 7 assumes that you have already completed all steps in Scenario 5.
- A Web server
- An SA8250
- A valid client authentication (CA) certificate
- A public key infrastructure (PKI) server with a CA certificate and the ability to:
  - generate a CRL
  - revoke certificates
  - export the CRL using FTP, HTTP, or LDAP
Procedure for Scenario 7
Using this procedure, you will configure the SA8250 to use a CRL.
NOTE: The SA8250 cannot use CRLs with more than 10,000 serial numbers.
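The 10,000-serial limit in the NOTE above can be checked on the PKI server before the CRL is exported. The following is an added example, not part of the HP guide: it assumes the OpenSSL command-line tool is available on that server, and the function names and the sample CRL text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the HP guide): pre-flight check on the PKI server
# for the SA8250 limit of 10,000 serial numbers per CRL.
SA8250_CRL_MAX=${SA8250_CRL_MAX:-10000}   # limit quoted in the NOTE above

# Print the number of revoked entries found in `openssl crl -noout -text`
# output read from stdin. Each entry appears as a "Serial Number:" line.
count_revoked() {
    # grep -c exits 1 on a count of 0; the count is still printed.
    grep -c '^[[:space:]]*Serial Number:' || true
}

# Succeed only if the CRL text on stdin lists no more than $SA8250_CRL_MAX
# serial numbers. Prints a one-line verdict either way.
crl_fits_sa8250() {
    n=$(count_revoked)
    if [ "$n" -gt "$SA8250_CRL_MAX" ]; then
        echo "REJECT: $n revoked serials exceeds limit of $SA8250_CRL_MAX"
        return 1
    fi
    echo "OK: $n revoked serials (limit $SA8250_CRL_MAX)"
}

# Decode a CRL file and check it. $1 = path, $2 = PEM (default) or DER.
# Returns 2 if openssl cannot parse the file, so a bad file never reads as OK.
check_crl_file() {
    text=$(openssl crl -in "$1" -inform "${2:-PEM}" -noout -text) || return 2
    printf '%s\n' "$text" | crl_fits_sa8250
}

# Constructed sample of openssl's text output, so the check runs offline.
sample_crl_text() {
    cat <<'EOF'
Certificate Revocation List (CRL):
        Issuer: CN = Example Test CA
        Last Update: Jan  1 00:00:00 2024 GMT
        Next Update: Feb  1 00:00:00 2024 GMT
Revoked Certificates:
    Serial Number: 1001
        Revocation Date: Jan  2 00:00:00 2024 GMT
    Serial Number: 1002
        Revocation Date: Jan  3 00:00:00 2024 GMT
    Serial Number: 1003
        Revocation Date: Jan  4 00:00:00 2024 GMT
EOF
}

sample_crl_text | crl_fits_sa8250   # prints the OK verdict for 3 serials
```

For a real CRL, call `check_crl_file` with the path to the exported file and, for a DER-encoded CRL, `DER` as the second argument.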
1. Telnet to the SA8250 and log on as the administrator (admin).
   The Command Line prompt displays:
   HP SA8250#
2. To move the prompt to the SSL service in the Richtest policy group, type this command:
   HP SA8250#config policygroup richtest service SSL
3. To navigate to client-ca, type this command:
   HP SA8250/config/policygroup/richtest/service/SSL#key client-ca
4. To import the CA certificate from the PKI server, type this command:
   HP SA8250/config/policygroup/richtest/service/SSL/key/client-ca#import