HP VPN Firewall Appliances VPN Configuration Guide
Step 5. Create a certificate attribute-based access control policy and enter its view.
  Command: pki certificate access-control-policy policy-name
  Remarks: No access control policy exists by default.

Step 6. Configure a certificate attribute-based access control rule.
  Command: rule [ id ] { deny | permit } group-name
  Remarks: No access control rule exists by default. A certificate attribute group must exist to be associated with a rule.
Displaying PKI
Task: Display the contents or request status of a certificate.
  Command: display pki certificate { { ca | local } domain domain-name | request-status } [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view.

Task: Display CRLs.
  Command: display pki crl domain domain-name [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view.

Task: Display information about one or all certificate attribute groups.
  Command: display pki certificate attribute-group { group-name | all } [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view.

Task: Display information about one or all certificate attribute-based access control policies.
  Command: display pki certificate access-control-policy { policy-name | all } [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view.
Certificate request from an RSA Keon CA server configuration example
Network requirements
The firewall submits a local certificate request to the CA server. The firewall obtains the CRLs for
certificate verification.
Figure 211 Network diagram
Configuring the CA server
1. Create a CA server named myca:
a. Configure these basic attributes on the CA server: