R2511-HP MSR Router Series Security Configuration Guide(V5)

  Troubleshooting IKEv2
    No matching IKEv2 proposal found
    IPsec tunnels cannot be set up
Configuring PKI
  Overview
    PKI terminology
    PKI architecture
    PKI operation
    PKI applications
    FIPS compliance
  PKI configuration task list
  Configuring an entity DN
  Configuring a PKI domain
  Requesting a PKI certificate
    Configuring automatic certificate request
    Manually requesting a certificate
  Retrieving a certificate manually
  Verifying PKI certificates
    Verifying certificates with CRL checking
    Verifying certificates without CRL checking
  Destroying the local RSA key pair
  Deleting a certificate
  Configuring a certificate access control policy
  Displaying and maintaining PKI
  PKI configuration examples
    Certificate request from an RSA Keon CA server
    Certificate request from a Windows 2003 CA server
    IKE negotiation with RSA digital signature
    Certificate access control policy configuration example
  Troubleshooting PKI configuration
    Failed to obtain the CA certificate
    Failed to request local certificates
    Failed to retrieve CRLs
Managing public keys
  FIPS compliance
  Configuration task list
  Creating a local asymmetric key pair
  Displaying or exporting the local host public key
  Displaying and recording the host public key information
  Displaying the host public key in a specific format and saving it to a file
  Exporting the host public key in a specific format to a file
  Destroying a local asymmetric key pair
  Configuring the local RSA key pair for certificate request
  Exporting an RSA key pair
  Importing an RSA key pair
  Specifying the peer public key on the local device
  Displaying public keys
  Public key configuration examples
    Manually specifying the peer public key on the local device
    Importing a public key from a public key file
    Exporting and importing an RSA key pair
Configuring RSH
  Configuration prerequisites