TMS zl Management and Configuration Guide ST.1.1.100430

A-57
Command-Line Reference
Global Configuration Context
Enter the following command to generate a certificate request:
Syntax: certificates generate request <certificate request name> signature <rsa-sha1 | rsa-md5 | dsa-sha1> private-key id <ID> subject <subject name> [alternative-name <extended options>]
Replace <certificate request name> with a descriptive alphanumeric string.
The name must be unique for this request.
Replace <ID> with the string that you assigned to a private key. The key’s
algorithm must match the signature that you specify for the certificate.
Replace <subject name> with the FQDN of the TMS zl Module. Use the
format <name.domainname>. For example, type TMS.procurve.com. The
certificate request will store this name as a distinguished name,
automatically adding /CN= to the name that you type.
You can set extended options for capturing an interface by typing additional
keywords after the network interface. You can specify several combinations
of the extended options shown in Table A-8, and you can enter the options in
almost any order.
Table A-16. Extended Options

Extended Command Option       Purpose
ip-addr-1 <IP address>        Specifies an IP address that the module uses to identify itself. Typically, the IP
ip-addr-2 <IP address>        address is the module’s public IP address, but you can specify any valid IP address.
                              You can specify up to two alternate name IP addresses.
domain-1 <domain name>        Specifies an FQDN that the module uses to identify itself. You can specify up to
domain-2 <domain name>        two alternate name FQDNs.
email-id-1 <email address>    Specifies an email address that the module uses to identify itself. The email address
email-id-2 <email address>    must be entered in a valid format, but it does not actually have to exist. It is simply
                              an ID. You can specify up to two alternate name email addresses.

Note: The subject name or one of the alternate names must match these settings:
- The local ID in IKE policies that use this certificate
- The remote ID in IKE policies on remote tunnel endpoints that verify this certificate
The name must match in both type and value. For example, if you have typed
TMS.procurve.com for Subject Name in the certificate request, the local ID on
the module and the remote ID on the remote tunnel endpoint must use these
settings:
Type = Distinguished Name
Value = /CN=TMS.procurve.com
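
The rule in the Note, that an IKE ID must match a certificate name in both type and value, is shown here as an added Python check; it is not part of the guide or of the module's software. The ID type labels other than Distinguished Name, the exact string comparison, and all sample values are assumptions made for the example.

```python
import ipaddress

# Extended-option keywords from Table A-16 mapped to IKE ID type labels.
# "Distinguished Name" is the label the guide uses; the three labels below
# are assumptions made for this example.
ALT_TYPES = {"ip-addr": "IP Address", "domain": "Domain Name",
             "email-id": "Email Address"}


def certificate_identities(subject, alt_names=None):
    """Return the (type, value) identities a certificate request would carry.

    subject   -- FQDN typed for <subject name>; stored with /CN= prepended
    alt_names -- dict of extended options, e.g. {"ip-addr-1": "192.0.2.10"}
    """
    identities = {("Distinguished Name", "/CN=" + subject)}
    for keyword, value in (alt_names or {}).items():
        kind, _, index = keyword.rpartition("-")
        if kind not in ALT_TYPES or index not in ("1", "2"):
            raise ValueError(f"unknown extended option: {keyword}")
        if kind == "ip-addr":
            value = str(ipaddress.ip_address(value))  # ValueError if invalid
        elif kind == "email-id" and value.count("@") != 1:
            raise ValueError(f"not a valid email format: {value}")
        identities.add((ALT_TYPES[kind], value))
    return identities


def check_ike_id(identities, id_type, id_value):
    """Classify an IKE local or remote ID against the certificate identities."""
    if (id_type, id_value) in identities:
        return "match"
    if any(value == id_value for _, value in identities):
        return "type mismatch"   # right value, configured under the wrong type
    if any(kind == id_type for kind, _ in identities):
        return "value mismatch"  # right type, but the value differs
    return "no such identity"


if __name__ == "__main__":
    # Constructed sample request: subject from the guide, alternates invented.
    ids = certificate_identities(
        "TMS.procurve.com",
        {"ip-addr-1": "192.0.2.10", "domain-1": "vpn.example.com"})
    for ike_id in [("Distinguished Name", "/CN=TMS.procurve.com"),
                   ("Domain Name", "TMS.procurve.com"),
                   ("Domain Name", "192.0.2.10")]:
        print(ike_id, "->", check_ike_id(ids, *ike_id))
```

The second sample ID fails because the subject FQDN is stored only as a distinguished name; it would match as a domain name only if it were also entered with domain-1 or domain-2.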