Manualshelf

TMS zl Management and Configuration Guide ST.1.1.100430

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
1281128212831284128512861287128812891290
A-59
Command-Line Reference
Global Configuration Context
certificates scep
Use this command to configure the SCEP server. You can then use SCEP to
install the certificates that allow the TMS zl Module to use RSA signatures for
the IKE authentication method.
Note Before you begin to configure the settings for using SCEP to install certifi-
cates, make sure that the TMS zl Module has the correct time (show time). If
the module does not have the correct time, the SCEP process may fail. The
TMS zl Module takes its time from the host switch, so if you need to adjust the
time, you will need to configure the switch.
Enter the following command to configure the SCEP Server:
Syntax: certificates scep server < <IP address> | domain-name <domain name> > port
<port> [cgi-path <path>] [ca-identifier <identifier>]
Replace <IP address> with the IP address of your CA server. If you select
the domain-name option instead, replace <domain name> with the FQDN of
your CA server.
Replace <port> with the port number on which your CA server listens for
SCEP messages (1 to 65535). The typical port is 80.
Replace <path> with the correct path to the program on the CA server that
executes SCEP functions. If you do not enter the cgi-path option, the default
path, /certsrv/mscep/mscep.dll, which is valid on a typical Windows CA, is used.
Your CA should tell you the correct CGI path.
Replace <identifier> with the value the CA uses to identify the TMS zl
Module. A unique CA identifier is not always necessary (in which case, you
can omit this segment of the command). Your CA should tell you if you need
to specify a unique identifier and, if you do, what it is.
For example:
ProCurve(tms-module-<slot ID>:config)# certificates scep
server 192.168.11.52 port 81 cgi-path /certsrv/mscep/
mscep.dll ca-identifier tms
Enter the following command to retrieve the CA certificate, IPsec certificate,
and CRL, respectively (you must retrieve the CA certificate before you can
retrieve the others):
Syntax: certificates scep retrieve ca