TMS zl Management and Configuration Guide ST.1.1.100226
A-55
Command-Line Reference
Global Configuration Context
certificates
If you use DSA or RSA signatures for the authentication method in an IKEv1
policy, you must install certificates on the TMS zl Module. With the
certificates command, you can:
■ Generate private keys and certificate requests (page A-55)
■ Manually import CA certificates, IPsec certificates, CRLs, and private keys (page A-57)
■ Import CA certificates, IPsec certificates, and CRLs using SCEP (page A-57)
■ Remove CA certificates, IPsec certificates, CRLs, private keys, and certificate requests
certificates generate
Use this command to generate private keys and certificate requests on the
TMS zl Module. The TMS zl Module must have at least one private key before
you can generate a certificate request.
Enter the following command to generate a private key:
Syntax: certificates generate private-key id <ID> algorithm < rsa | dsa > < size-512 | size-1024 | size-2048 >
Replace <ID> with a string between 1 and 31 alphanumeric characters. The
string must be unique to this private key.
Enter the following command to generate a certificate request:
Syntax: certificates generate request <certificate request name> signature <rsa-sha1 | rsa-md5 | dsa-sha1 > private-key id <ID> subject <subject name> [alternative-name <extended options>]
Replace <certificate request name> with a descriptive alphanumeric string.
The name must be unique for this request.
Replace <ID> with the string that you assigned to a private key. The key’s
algorithm must match the signature that you specify for the certificate.
Replace <subject name> with the FQDN of the TMS zl Module. Use the
format <name.domainname>. For example, type TMS.procurve.com. The
certificate request will store this name as a distinguished name,
automatically adding /CN= to the name that you type.
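The following Python sketch is an added example, not part of the original guide or of any ProCurve tooling. It checks the constraints stated above (ID length, key algorithm matching the signature, FQDN subject without /CN=) before emitting the two command lines. The function name build_commands, the existing_ids parameter, the request-name pattern, and the FQDN pattern are assumptions made for illustration.

```python
import re

# Option values copied from the two syntax lines in this section.
KEY_SIZES = (512, 1024, 2048)
SIGNATURE_KEY_ALGORITHM = {"rsa-sha1": "rsa", "rsa-md5": "rsa", "dsa-sha1": "dsa"}

KEY_ID = re.compile(r"[A-Za-z0-9]{1,31}")   # 1 to 31 alphanumeric characters
REQUEST_NAME = re.compile(r"[A-Za-z0-9]+")  # assumption: no length limit is stated
# Assumption: <name.domainname> means two or more dot-separated DNS labels.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
FQDN = re.compile(_LABEL + r"(?:\." + _LABEL + r")+")


def build_commands(key_id, algorithm, size, request_name, signature, subject,
                   existing_ids=()):
    """Return [private-key command, request command] or raise ValueError."""
    if not KEY_ID.fullmatch(key_id):
        raise ValueError("key ID must be 1-31 alphanumeric characters")
    if key_id in existing_ids:  # hypothetical list of IDs already on the module
        raise ValueError("key ID must be unique to this private key")
    if algorithm not in ("rsa", "dsa"):
        raise ValueError("algorithm must be rsa or dsa")
    if size not in KEY_SIZES:
        raise ValueError("size must be 512, 1024 or 2048")
    if not REQUEST_NAME.fullmatch(request_name):
        raise ValueError("request name must be alphanumeric")
    if signature not in SIGNATURE_KEY_ALGORITHM:
        raise ValueError("signature must be rsa-sha1, rsa-md5 or dsa-sha1")
    # The key's algorithm must match the signature chosen for the request.
    if SIGNATURE_KEY_ALGORITHM[signature] != algorithm:
        raise ValueError(f"signature {signature} does not match a {algorithm} key")
    if subject.upper().startswith("/CN="):
        raise ValueError("omit /CN=; the module adds it automatically")
    if not FQDN.fullmatch(subject):
        raise ValueError("subject must be an FQDN such as name.domainname")
    return [
        f"certificates generate private-key id {key_id} "
        f"algorithm {algorithm} size-{size}",
        f"certificates generate request {request_name} signature {signature} "
        f"private-key id {key_id} subject {subject}",
    ]


if __name__ == "__main__":
    # Constructed sample values; TMS.procurve.com is the guide's own example.
    for line in build_commands("TMSkey1", "rsa", 2048, "TMSreq1",
                               "rsa-sha1", "TMS.procurve.com"):
        print(line)
```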