HP VPN Firewall Appliances VPN Configuration Guide
b. Click Retrieve CRL corresponding to PKI domain 1.
7. Configure IKE proposal 1, using RSA signature for identity authentication:
a. From the navigation tree, select VPN > IKE > Proposal.
b. Click Add.
c. Enter 1 as the IKE proposal number, select RSA Signature as the authentication method, and
click Apply.
8. Configure an IKE peer and reference the configuration of the PKI domain for the IKE peer:
a. From the navigation tree, select VPN > IKE > Peer.
b. Click Add.
c. Enter peer as the peer name, select PKI Domain, select PKI domain 1, and click Apply.
The preceding procedure covers only the configuration for IKE negotiation using RSA digital
signatures. To establish an IPsec tunnel, you must also configure IPsec. For information about
IPsec configuration, see "Configuring IPsec."
Configuring PKI at the CLI
PKI configuration task list
Task                                           Remarks
Configuring an entity DN                       Required.
Configuring a PKI domain                       Required.
Requesting a PKI certificate:                  Required. Use either approach.
  • Requesting a certificate in auto mode
  • Requesting a certificate in manual mode
Retrieving a certificate manually              Optional.
Verifying PKI certificates                     Optional.
Destroying the local RSA key pair              Optional.
Deleting a certificate                         Optional.
Configuring an access control policy           Optional.
Configuring an entity DN
A certificate is the binding of a public key and the identity information of an entity, where the identity
information is identified by an entity distinguished name (DN). A CA identifies a certificate applicant
uniquely by entity DN.
An entity DN is defined by these parameters:
• Common name of the entity.
• Country code of the entity, a standard 2-character code. For example, CN represents China and US
represents the United States.