HP HSR6602-XG TAA-compliant Router : R3303-HP 6600/HSR6600 Routers Security Configuration Guide : Page 7

v

Performing configurations in user profile view ········································································································· 199

Enabling a user profile ················································································································································ 199

Displaying and maintaining user profile ··················································································································· 199

Configuring password control ································································································································ 200

Overview ······································································································································································· 200

FIPS compliance ··························································································································································· 202

Password control configuration task list ····················································································································· 203

Enabling password control ········································································································································· 203

Setting global password control parameters ············································································································ 204

Setting user group password control parameters ····································································································· 205

Setting local user password control parameters ······································································································· 206

Setting super password control parameters ·············································································································· 206

Setting a local user password in interactive mode ··································································································· 207

Displaying and maintaining password control ········································································································· 207

Password control configuration example ·················································································································· 208

Configuring RSH ····················································································································································· 211

Configuration prerequisites ········································································································································· 211

Configuration procedure ············································································································································· 211

RSH configuration example ········································································································································ 211

Managing public keys ············································································································································ 214

FIPS compliance ··························································································································································· 214

Configuration task list ·················································································································································· 214

Exporting an RSA key pair ·········································································································································· 216

Importing an RSA key pair ·········································································································································· 216

Creating a local asymmetric key pair ························································································································ 217

Displaying or exporting the local host public key ···································································································· 217

Displaying and recording the host public key information ······················································································ 218

Displaying the host public key in a specific format and saving it to a file ···························································· 218

Exporting the host public key in a specific format to a file ····················································································· 218

Destroying a local asymmetric key pair ···················································································································· 219

Exporting an RSA key pair ·········································································································································· 219

Importing an RSA key pair ·········································································································································· 219

Specifying the peer public key on the local device ·································································································· 220

Displaying public keys ················································································································································· 221

Public key configuration examples ····························································································································· 221

Manually specifying the peer public key on the local device ········································································ 221

Importing a public key from a public key file ··································································································· 223

Exporting and importing an RSA key pair········································································································ 226

Configuring PKI ······················································································································································· 229

Overview ······································································································································································· 229

PKI terms ······························································································································································· 229

PKI architecture ···················································································································································· 230

PKI operation ······················································································································································· 231

PKI applications ··················································································································································· 231

FIPS compliance ··························································································································································· 231

PKI configuration task list ············································································································································ 231

Configuring a PKI entity ·············································································································································· 232

Configuring a PKI domain ··········································································································································· 233

Requesting a certificate ··············································································································································· 235

Configuring automatic certificate request ········································································································· 235

Manually requesting a certificate ······················································································································ 235

Obtaining certificates ·················································································································································· 236