TMS zl Management and Configuration Guide ST.1.1.100226

Command-Line Reference
Global Configuration Context
Enter the following command to configure the SCEP Server:
Syntax: certificates scep server < <IP address> | domain-name <domain name> > port <port> [cgi-path <path>] [ca-identifier <identifier>]
Replace <IP address> with the IP address of your CA server. If you select
the domain-name option instead, replace <domain name> with the FQDN of
your CA server.
Replace <port> with the port number on which your CA server listens for
SCEP messages (1 to 65535). The typical port is 80.
Replace <path> with the correct path to the program on the CA server that
executes SCEP functions. If you do not enter the cgi-path option, the default
path, /certsrv/mscep/mscep.dll, which is valid on a typical Windows CA, is used.
Your CA should tell you the correct CGI path.
Replace <identifier> with the value the CA uses to identify the TMS zl
Module. A unique CA identifier is not always necessary (in which case, you
can omit this segment of the command). Your CA should tell you if you need
to specify a unique identifier and, if you do, what it is.
For example:
ProCurve(tms-module-<slot ID>:config)# certificates scep server 192.168.11.52 port 81 cgi-path /certsrv/mscep/mscep.dll ca-identifier tms
Enter the following command to retrieve the CA certificate, IPsec certificate,
and CRL, respectively (you must retrieve the CA certificate before you can
retrieve the others):
Syntax: certificates scep retrieve ca
Syntax: certificates scep retrieve ipsec-cert subject <name> ca <certificate> type <rsa-md5 | rsa-sha1> encryption <des | 3des> challenge <challenge> private-key id <ID> <size-512 | size-1024 | size-2048>
Syntax: certificates scep retrieve crl ca <certificate>
Replace <name> with the TMS zl Module's FQDN after /CN=. The remote
gateway or client will use this subject name to authenticate the module.
Therefore, the subject name must match a remote ID that is configured on the
remote endpoint. You should also specify this name for the local ID value in
the IKE policy (the type is Distinguished Name).
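The following is an added example, not part of the guide or of the TMS zl software: a small pre-deployment check that parses the two command forms above, validates the port range and the /CN= subject form, and flags the accepted options that are cryptographically weak. The weak-option policy (rsa-md5, des, size-512, size-1024) and the function names are assumptions of this example.

```python
import shlex

# Values the syntax accepts, taken from the guide.
TYPES = {"rsa-md5", "rsa-sha1"}
CIPHERS = {"des", "3des"}
SIZES = {"size-512", "size-1024", "size-2048"}
# Assumed policy (not from the guide): accepted values treated as weak.
WEAK = {"rsa-md5", "des", "size-512", "size-1024"}


def pairs(tokens, keywords):
    """Split tokens into {keyword: value} pairs and leftover tokens."""
    opts, rest, i = {}, [], 0
    while i < len(tokens):
        if tokens[i] in keywords and i + 1 < len(tokens):
            opts[tokens[i]] = tokens[i + 1]
            i += 2
        else:
            rest.append(tokens[i])
            i += 1
    return opts, rest


def lint(line):
    """Return findings for one 'certificates scep ...' command line."""
    t = shlex.split(line)
    out = []
    if t[:3] == ["certificates", "scep", "server"]:
        opts, _ = pairs(t[3:], {"domain-name", "port", "cgi-path", "ca-identifier"})
        port = opts.get("port", "")
        if not (port.isdecimal() and 1 <= int(port) <= 65535):
            out.append("port: must be 1 to 65535")
    elif t[:4] == ["certificates", "scep", "retrieve", "ipsec-cert"]:
        opts, rest = pairs(t[4:], {"subject", "ca", "type", "encryption", "challenge", "id"})
        size = next((x for x in rest if x.startswith("size-")), "")
        # Subject form /CN=<FQDN> is this example's reading of the guide's text.
        if not opts.get("subject", "").startswith("/CN="):
            out.append("subject: expected /CN=<module FQDN>")
        for name, value, allowed in (("type", opts.get("type", ""), TYPES),
                                     ("encryption", opts.get("encryption", ""), CIPHERS),
                                     ("key size", size, SIZES)):
            if value not in allowed:
                out.append(f"{name}: not one of {sorted(allowed)}")
            elif value in WEAK:
                out.append(f"{name}: {value} is weak")  # challenge is never echoed
    else:
        out.append("unrecognized command")
    return out
```

Of the choices this syntax offers, only rsa-sha1, 3des and size-2048 pass the check without a finding.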