TMS zl Management and Configuration Guide ST.1.2.100916
Command-Line Reference
Global Configuration Context
Replace <identifier> with the value the CA uses to identify the TMS zl
Module. A unique CA identifier is not always necessary (in which case, you
can omit this segment of the command). Your CA should tell you if you need
to specify a unique identifier and, if you do, what it is.
For example:
hostswitch(tms-module-<slot ID>:config)# certificates scep server 192.168.11.52 port 81 cgi-path /certsrv/mscep/mscep.dll ca-identifier tms
Enter the following commands to retrieve the CA certificate, IPsec certificate,
and CRL, respectively (you must retrieve the CA certificate before you can
retrieve the others):
Syntax: certificates scep retrieve ca
Syntax: certificates scep retrieve ipsec-cert subject <name> ca <certificate> type <rsa-md5 | rsa-sha1> encryption <des | 3des> challenge <challenge> private-key id <ID> <size-512 | size-1024 | size-2048>
Syntax: certificates scep retrieve crl ca <certificate>
Replace <name> with the TMS zl Module’s FQDN after /CN=. The remote
gateway or client will use this subject name to authenticate the module.
Therefore, the subject name must match a remote ID that is configured on the
remote endpoint. You should also specify this name for the local ID value in
the IKE policy (the type is Distinguished Name).
Replace <certificate> with the name of the CA root certificate that you
installed with the certificates scep retrieve ca command.
Replace <challenge> with the challenge password that your CA has given
you. A challenge password is typically used to revoke a certificate, but your
CA may also require you to enter a challenge password to request a certificate.
Replace <ID> with a string of 1 to 31 alphanumeric characters. The
string must be unique to this private key.
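The following Python check is an added example, not part of the guide. It audits a list of these commands against the rules stated above (CA certificate retrieved first, private-key ID of 1 to 31 alphanumeric characters) and flags the weaker choices the syntax permits (rsa-md5, des, size-512, size-1024). It assumes the subject is entered as /CN= followed by the FQDN; the sample commands, the CA certificate name ROOTCA, the FQDN, and the challenge placeholder are constructed for illustration.

```python
import re

# Syntax from the guide: certificates scep retrieve ipsec-cert subject <name>
# ca <certificate> type <..> encryption <..> challenge <..> private-key id <ID> <size-..>
IPSEC = re.compile(
    r"certificates scep retrieve ipsec-cert subject (?P<subject>\S+) ca (?P<ca>\S+) "
    r"type (?P<type>\S+) encryption (?P<enc>\S+) challenge (?P<challenge>\S+) "
    r"private-key id (?P<id>\S+) (?P<size>\S+)\s*$")

# Options the syntax allows but that are weak by current standards.
# 3des is not flagged because it is the stronger of the two choices offered.
WEAK = {"rsa-md5": "MD5 signature hash", "des": "single DES",
        "size-512": "512-bit RSA key", "size-1024": "1024-bit RSA key"}

def audit(lines):
    """Return (line_number, finding) tuples for SCEP retrieve commands, in line order."""
    findings, ca_seen = [], False
    for no, line in enumerate(lines, 1):
        if re.search(r"certificates scep retrieve ca\s*$", line):
            ca_seen = True
            continue
        if re.search(r"certificates scep retrieve (ipsec-cert|crl)\b", line) and not ca_seen:
            findings.append((no, "CA certificate not retrieved first"))
        m = IPSEC.search(line)
        if not m:
            continue
        for field in ("type", "enc", "size"):
            if m[field] in WEAK:
                findings.append((no, f"weak option {m[field]}: {WEAK[m[field]]}"))
        if not m["subject"].startswith("/CN="):  # assumed form: /CN=<FQDN>
            findings.append((no, "subject does not start with /CN="))
        if not re.fullmatch(r"[A-Za-z0-9]{1,31}", m["id"]):
            findings.append((no, "private-key id must be 1-31 alphanumeric characters"))
    return findings

# Constructed sample input; ROOTCA, the FQDN and PLACEHOLDER are hypothetical values.
SAMPLE = [
    "certificates scep retrieve ipsec-cert subject /CN=tms.example.com ca ROOTCA "
    "type rsa-md5 encryption des challenge PLACEHOLDER private-key id key1 size-512",
    "certificates scep retrieve ca",
    "certificates scep retrieve ipsec-cert subject /CN=tms.example.com ca ROOTCA "
    "type rsa-sha1 encryption 3des challenge PLACEHOLDER private-key id tms-key size-2048",
    "certificates scep retrieve crl ca ROOTCA",
]

if __name__ == "__main__":
    for no, msg in audit(SAMPLE):
        print(f"line {no}: {msg}")
```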
no certificates
Use this command to clear the SCEP server settings and to delete certificates,
CRLs, private keys, and certificate requests.
Enter the following command to clear the SCEP server settings:
Syntax: no certificates scep server [ca-identifier]