R0106-HP MSR Router Series Security Configuration Guide(V7)
205
Figure 66 PKI support for MPLS L3VPN
FIPS compliance
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,
commands, and parameters might differ in FIPS mode (see "Configuring FIPS") and non-FIPS mode.
Security strength
By default, the device provides low encryption. To obtain high encryption, you must install the Strong
Cryptography feature license. This feature provides stronger cryptography, additional IPsec tunnels, and
higher encryption performance. For more information about obtaining the Strong Cryptography feature
license, see the release notes or contact your HP sales representative.
Support for features, commands, and parameters differs with the cryptography capability.
PKI configuration task list
Tasks at a glance
(Required.) Configuring a PKI entity
(Required.) Configuring a PKI domain
(Required.) Requesting a certificate:
• Configuring automatic certificate request
• Manually requesting a certificate
(Optional.) Aborting a certificate request
(Optional.) Obtaining certificates
(Optional.) Verifying PKI certificates
(Optional.) Specifying the storage path for the certificates and CRLs
(Optional.) Exporting certificates
(Optional.) Removing a certificate
(Optional.) Configuring a certificate access control policy