HP VPN Firewall Appliances VPN Configuration Guide

Recommended configuration procedure for automatic request

Step 1. Creating a PKI entity
Remarks: Required.
Create a PKI entity and configure the identity information.
A certificate is the binding of a public key and the identity information of an entity, where the DN shows the identity information of the entity. A CA identifies a certificate applicant uniquely by an entity DN.
The DN settings of an entity must comply with the CA's certificate issuing policy. Otherwise, the certificate request might be rejected. You must know the policy to determine which entity parameters are mandatory or optional.

Step 2. Creating a PKI domain
Remarks: Required.
Create a PKI domain, setting the certificate request mode to Auto.
Before requesting a PKI certificate, an entity must be configured with some enrollment information, which is referred to as a PKI domain.
A PKI domain is intended only for convenience of reference by other applications such as IKE and SSL, and has only local significance.

Step 3. Destroying the RSA key pair
Remarks: Optional.
Destroy the existing RSA key pair and the corresponding local certificate.
If the certificate to be retrieved contains an RSA key pair, you must destroy the existing RSA key pair. Otherwise, the retrieving operation will fail.

Step 4. Retrieving and displaying a certificate
Remarks: Optional.
Retrieve an existing certificate and display its information.
IMPORTANT:
Before retrieving a local certificate in online mode, be sure to complete the LDAP server configuration.
If a PKI domain already has a CA certificate, you cannot retrieve another CA certificate for it. This prevents inconsistency between the certificate and the registration information caused by related configuration changes. To retrieve a new CA certificate, use the pki delete-certificate command to delete the existing CA certificate and local certificate first.

Step 5. Retrieving and displaying a CRL
Remarks: Optional.
Retrieve a CRL and display its contents.
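Step 1 warns that an entity DN which does not match the CA's issuing policy gets the automatic request rejected. The following added example (not from the HP guide; EXAMPLE_POLICY and the DN strings are constructed assumptions) parses an entity DN and reports which mandatory attributes are missing and which attributes the policy does not permit, so the check can be done before the entity is created on the appliance.

```python
"""Pre-flight check of a PKI entity DN against a CA issuing policy (added
example, not from the HP guide). EXAMPLE_POLICY is a constructed assumption:
real CA policies differ, so take the mandatory/optional sets from your CA."""
import re

# Constructed policy: CN, O and C are mandatory; a few others are tolerated;
# anything else would get the automatic request rejected by this CA.
EXAMPLE_POLICY = {
    "mandatory": {"CN", "O", "C"},
    "optional": {"OU", "L", "ST", "emailAddress"},
}

# Split on commas that are not escaped with a backslash (RFC 4514 style).
_RDN_SPLIT = re.compile(r"(?<!\\),")


def parse_dn(dn):
    """Parse 'CN=fw1,O=Example\\, Inc,C=US' into [(attr, value), ...].

    Backslash-escaped ',' and '=' inside values are unescaped. Multi-valued
    RDNs joined with '+' are not handled; the entity form uses single values.
    """
    pairs = []
    for rdn in _RDN_SPLIT.split(dn):
        rdn = rdn.strip()
        if not rdn:
            continue
        if "=" not in rdn:
            raise ValueError("malformed RDN: %r" % rdn)
        attr, value = rdn.split("=", 1)
        value = value.replace("\\,", ",").replace("\\=", "=").strip()
        if not value:
            raise ValueError("empty value for attribute %s" % attr.strip())
        pairs.append((attr.strip(), value))
    return pairs


def check_dn(dn, policy=EXAMPLE_POLICY):
    """Return (ok, problems): missing mandatory attributes and attributes
    the policy does not permit are listed in problems."""
    present = {attr for attr, _ in parse_dn(dn)}
    problems = ["missing mandatory attribute %s" % a
                for a in sorted(policy["mandatory"] - present)]
    allowed = policy["mandatory"] | policy["optional"]
    problems += ["attribute %s not permitted by CA policy" % a
                 for a in sorted(present - allowed)]
    return (not problems, problems)
```

Run check_dn() on the DN you intend to enter in the entity form; an empty problem list means it satisfies the configured policy.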
Creating a PKI entity
1. From the navigation tree, select VPN > Certificate Management > Entity.