3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
Certificate Request Configuration
PKI IPsec policy recommends using RA as the registration organization.
Note: For details about the entity-name argument, refer to “Configuring Entity Name Space”.
Configuring registration server location
The registration server location (that is, its URL) must be specified. Entities can
then submit certificate requests to this server using the Simple Certificate Enrollment
Protocol (SCEP), a protocol for communicating with a certification authority.
Perform the following configuration in PKI domain view (see Table 189).
By default, no registration server location is specified.
Configuring the IP address of the LDAP server
In a PKI system, storing user certificates and CRLs is a core problem. Generally,
an LDAP directory server is used to distribute certificates and CRLs.
Perform the following configuration in PKI domain view (see Table 190).
By default, no IP address or port is specified for the LDAP server. Currently, the
LDAP version is 2.
Configuring fingerprint for root certificate authentication
When the IPsec module gets an identity certificate from the CA, it needs the
CA root certificate to make sure that the identity certificate is genuine and valid. In
addition, when the IPsec module obtains the CA root certificate, it needs to validate its
fingerprint, that is, the hash value of the root certificate contents, which is unique
for each certificate. If the fingerprint differs from the one configured with the
command below, the IPsec module rejects the root certificate. The fingerprint can
be in MD5 or SHA1 format.
Perform the following configuration in PKI domain view (see Table 191).
Table 189 Specify registration server location
Operation                                      Command
Specify the location of a registration server  certificate request url string
Delete the location setting                    undo certificate request url
Table 190 Specify the IP address of the LDAP server
Operation                                  Command
Specify the IP address of the LDAP server  ldap-server ip ip-address [ port port-num ] [ version version-number ]
Delete the IP address of the LDAP server   undo ldap-server
Table 191 Configure the fingerprint for root certificate authentication
Operation                                                      Command
Configure the fingerprint for root certificate authentication  root-certificate fingerprint { md5 | sha1 } string
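The fingerprint check described under "Configuring fingerprint for root certificate authentication", as an added example (not code from the 3Com guide or the IPsec module): it hashes a received root certificate and compares the result with the string an operator would supply to root-certificate fingerprint. It assumes the fingerprint is taken over the certificate's DER encoding, the usual convention; the function names and sample bytes are hypothetical.

```python
import base64
import hashlib
import hmac
import re

# Hex digest length for the two formats the command accepts.
DIGEST_HEX_LEN = {"md5": 32, "sha1": 40}

def to_der(cert: bytes) -> bytes:
    """Return DER bytes for a certificate supplied as DER or PEM."""
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  cert, re.S)
    # PEM is base64 of the DER; hashing the PEM text would give a different value.
    return base64.b64decode(b"".join(m.group(1).split())) if m else cert

def fingerprint(cert: bytes, alg: str) -> str:
    """Lower-case hex digest of the certificate's DER encoding."""
    if alg not in DIGEST_HEX_LEN:
        raise ValueError(f"unsupported fingerprint format: {alg}")
    return hashlib.new(alg, to_der(cert)).hexdigest()

def normalize(configured: str, alg: str) -> str:
    """Strip separators and case from an operator-supplied fingerprint."""
    hexstr = re.sub(r"[\s:\-]", "", configured).lower()
    if len(hexstr) != DIGEST_HEX_LEN[alg] or not re.fullmatch(r"[0-9a-f]+", hexstr):
        raise ValueError(f"not a valid {alg} fingerprint: {configured!r}")
    return hexstr

def root_cert_accepted(cert: bytes, alg: str, configured: str) -> bool:
    """True only if the received root certificate hashes to the configured value."""
    actual = fingerprint(cert, alg)          # rejects unknown formats first
    expected = normalize(configured, alg)    # rejects malformed or wrong-length input
    return hmac.compare_digest(actual, expected)

# Constructed stand-in bytes, NOT a real certificate: only the hash matters here.
SAMPLE_DER = b"\x30\x82\x01\x0a" + b"constructed-root-ca-placeholder" * 8
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    fp = fingerprint(SAMPLE_PEM, "sha1")
    print("sha1 fingerprint of received root certificate:", fp)
    print("matches configured value:", root_cert_accepted(SAMPLE_DER, "sha1", fp))
    print("tampered certificate accepted:",
          root_cert_accepted(SAMPLE_DER + b"\x00", "sha1", fp))
```

The check is only as trustworthy as the source of the configured string, so that value should come from the CA over a channel independent of the one that delivers the certificate. Of the two formats the command offers, SHA1 is the stronger.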