TMS zl Management and Configuration Guide ST.1.2.100916

Command-Line Reference
Global Configuration Context
Replace <filename> with the full certificate, CRL, or private key filename as
stored on the server. For example, c:/folder/cert.crt.
Replace <username> with the username of the account on your FTP or SCP
server. After you enter this command, you are prompted for the user’s
password.
For example:
hostswitch(tms-module-<slot ID>:config)# certificates import ca ftp 192.168.11.23 c:/folder/cert.crt user user1
Password: ******
certificates scep
Use this command to configure the SCEP server. You can then use SCEP to
install the certificates that allow the TMS zl Module to use RSA signatures for
the IKE authentication method.
Note: Before you begin to configure the settings for using SCEP to install
certificates, make sure that the TMS zl Module has the correct time (show time).
If the module does not have the correct time, the SCEP process may fail. The
TMS zl Module takes its time from the host switch, so if you need to adjust the
time, you will need to configure the switch.
Enter the following command to configure the SCEP Server:
Syntax: certificates scep server < <IP address> | domain-name <domain name> > port <port> [cgi-path <path>] [ca-identifier <identifier>]
Replace <IP address> with the IP address of your CA server. If you select
the domain-name option instead, replace <domain name> with the FQDN of
your CA server.
Replace <port> with the port number on which your CA server listens for
SCEP messages (1 to 65535). The typical port is 80.
Replace <path> with the correct path to the program on the CA server that
executes SCEP functions. If you do not enter the cgi-path option, the default
path, /certsrv/mscep/mscep.dll, which is valid on a typical Windows CA, is used.
Your CA should tell you the correct CGI path.
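The following Python sketch is an added example, not part of this guide or of the module's software. It is a pre-flight check that builds, from the same server, port, and cgi-path values, the HTTP GET URL a SCEP client requests (operation names and the "message" parameter are from RFC 8894), and shows how a wrong clock makes a valid certificate look invalid. The function names, the sample dates, and the assumption that the server is an IPv4 address or FQDN are illustrative.

```python
# Added example; function names are hypothetical, not TMS zl code.
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

DEFAULT_CGI_PATH = "/certsrv/mscep/mscep.dll"  # default stated in this guide
SCEP_OPERATIONS = ("GetCACaps", "GetCACert")   # RFC 8894 GET operations


def scep_url(server, port, cgi_path=None, ca_identifier=None,
             operation="GetCACaps"):
    """Build the URL a SCEP client requests, validating the CLI values."""
    if not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError("port must be in the range 1 to 65535")
    if operation not in SCEP_OPERATIONS:
        raise ValueError("unsupported SCEP operation")
    path = cgi_path or DEFAULT_CGI_PATH
    if not path.startswith("/"):
        raise ValueError("cgi-path must start with '/'")
    query = {"operation": operation}
    if ca_identifier:
        # RFC 8894 carries the CA identifier in the 'message' parameter.
        query["message"] = ca_identifier
    return f"http://{server}:{port}{path}?{urlencode(query)}"


def clock_check(device_now, not_before, not_after):
    """Explain why a certificate looks invalid at device_now, else None."""
    if device_now < not_before:
        return "not yet valid: device clock is behind the CA"
    if device_now > not_after:
        return "expired: device clock is ahead, or the certificate is old"
    return None


if __name__ == "__main__":
    # Constructed values: the CA address reuses the guide's example IP.
    print(scep_url("192.168.11.23", 80))
    issued = datetime(2024, 1, 10, tzinfo=timezone.utc)  # constructed date
    expires = issued + timedelta(days=365)
    unset_clock = datetime(2000, 1, 1, tzinfo=timezone.utc)
    print(clock_check(unset_clock, issued, expires))
```

Requesting the printed URL from a workstation (for example with a browser or curl) confirms that the CGI path answers before the values are entered on the module.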