HP TMS zl Module Security Administrator's Guide
Configuring a VPN on the HP TMS zl Module
Manage Certificates
You must select the same algorithm that is used by the private key. That
is, select MD5 with RSA or SHA-1 with RSA for an RSA key; select SHA-1
with DSA for a DSA key.
9. For Private Key Identifier, select the private key that you added in “Generate
or Install a Private Key” on page 4-394.
10. For Subject Name, type the FQDN of the TMS zl Module. Use the format
<name.domainname>. For example, type TMS.hplabs.com.
The certificate request will store this name as a distinguished name,
automatically adding /CN= to the name that you type.
11. In the Subject Alternate Names section, you can specify other IDs with
which the module identifies itself. Specifying these IDs is optional:
a. Type an IP address in one or both IP Address boxes.
Typically, the IP address is the module’s public IP address, but you
can specify any valid IP address.
b. Type an FQDN in one or both Domain Name boxes.
c. Type an email address in one or both Email ID boxes.
The email address must be entered in a valid format, but it does not
actually have to exist. It is simply an ID.
Note: The subject name or one of the subject alternate names must match these
settings:
■ The local ID that you specified when you created an IKE policy or ran a
deployment wizard
■ The remote ID in IKE policies on remote tunnel endpoints that verify this
certificate
The name must match in both type and value. For example, if you have typed
TMS.hplabs.com for Subject Name in the certificate request, the local ID on the
module and the remote ID on the remote tunnel endpoint must use these
settings:
■ Type = Distinguished Name
■ Value = /CN=TMS.hplabs.com
If you added a subject alternate name, you could specify those settings
instead—for example, IP Address for Type and 10.1.1.1 for Value.
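The matching rule in the note above can be checked before the request is submitted. The following Python sketch is an added example, not code from the guide or from the module: it builds the set of IDs a request would carry and classifies a planned IKE local or remote ID against it. The function names, the "Domain Name" and "Email ID" type labels, and exact string comparison are assumptions.

```python
import ipaddress
import re

# "Distinguished Name" and "IP Address" are ID types named in the guide; "Domain Name"
# and "Email ID" are assumed labels taken from the request form's box names.
DN, IP, FQDN, EMAIL = "Distinguished Name", "IP Address", "Domain Name", "Email ID"

def cert_identities(subject_fqdn, ips=(), domains=(), emails=()):
    """Return the (type, value) IDs that a certificate request would carry."""
    for label, values in ((IP, ips), (FQDN, domains), (EMAIL, emails)):
        if len(values) > 2:  # the form has two boxes per alternate-name type
            raise ValueError(f"at most two {label} entries")
    for addr in ips:
        ipaddress.ip_address(addr)  # raises ValueError for an invalid address
    for mail in emails:  # format check only; the mailbox need not exist
        if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", mail):
            raise ValueError(f"badly formatted email ID: {mail!r}")
    ids = {(DN, "/CN=" + subject_fqdn)}  # /CN= is added to the typed name
    ids |= {(IP, a) for a in ips} | {(FQDN, d) for d in domains}
    ids |= {(EMAIL, m) for m in emails}
    return ids

def _bare(value):
    # Strip the /CN= prefix so a name can be compared across ID types.
    return value[4:] if value.startswith("/CN=") else value

def check_ike_id(ids, id_type, id_value):
    """Classify an IKE local or remote ID against the certificate identities.
    Assumption: values are compared as exact strings."""
    if (id_type, id_value) in ids:
        return "match"
    if any(t == id_type for t, _ in ids):
        return "value mismatch"  # right type, but the value differs
    if any(_bare(v) == _bare(id_value) for _, v in ids):
        return "type mismatch"  # the name exists only under another type
    return "no match"

if __name__ == "__main__":
    # Constructed sample: the guide's example subject name and alternate IP address.
    ids = cert_identities("TMS.hplabs.com", ips=["10.1.1.1"])
    for id_type, id_value in [(DN, "/CN=TMS.hplabs.com"), (IP, "10.1.1.1"),
                              (FQDN, "TMS.hplabs.com"), (DN, "TMS.hplabs.com")]:
        print(f"{id_type:18} {id_value:20} -> {check_ike_id(ids, id_type, id_value)}")
```

Run the same check with the remote ID configured on each remote tunnel endpoint, since that ID must match the certificate as well.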