TMS zl Management and Configuration Guide ST.1.2.100916

7-246
Virtual Private Networks
Configure a GRE over IPsec VPN with IKE
Figure 7-214. Retrieve IPsec Certificate through SCEP Window
17. For Subject Name, typically you type the TMS zl Module’s FQDN after /CN=.
The remote tunnel endpoint will use this subject name to authenticate the
module. Therefore, the subject name must match a remote ID that is
configured on the remote endpoint. You should also specify this name for
the local ID value in the IKE policy (the type is Distinguished Name).
18. For Trusted Certificate to verify Certificate, select the CA root certificate that
you installed in step 10 on page 7-100.
19. For Certificate Type, select RSA-MD5 or RSA-SHA-1.
This setting determines the algorithm for the private key. You should have
selected RSA Signature for Authentication Method in the IKE policy.
20. For Encryption Algorithm, select 3DES or DES.
21. For Challenge Password, type the password that your CA has given you.
A challenge password is typically used to revoke a certificate, but your
CA may also require you to enter a challenge password to request a
certificate. If your CA does not require a password, leave this box empty.
22. For Identifier to store Private Key, type a string between 1 and 31
alphanumeric characters. The string must be unique to this private key.
23. For Key Size, select 512, 1024, or 2048, which determines the length of the
key in bits.
24. Click Apply.
After the CA returns the certificate, the certificate and the private key are
displayed in the VPN > Certificates > IPsec Certificates window.
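
The following pre-submission check is an added example, not part of this guide or of the TMS zl Module software. It validates the values planned for steps 17 through 23 against the constraints stated above and flags the weakest offered options. The dictionary field names, the sample values, and the weak-option warnings are assumptions introduced for illustration.

```python
import re
# Option sets exactly as listed in steps 19, 20 and 23.
CERT_TYPES = ("RSA-MD5", "RSA-SHA-1")
ENC_ALGS = ("3DES", "DES")
KEY_SIZES = (512, 1024, 2048)

def check_scep_request(req, existing_key_ids=()):
    """Return (errors, warnings) for a planned SCEP request (dict of field values)."""
    errors, warnings = [], []
    subject = req["subject_name"].strip()
    # Step 17: the subject name is what the remote endpoint authenticates.
    if not re.search(r"/CN=[^/]+", subject):
        warnings.append("subject name has no /CN= component")
    if subject != req["remote_endpoint_remote_id"].strip():
        errors.append("subject name does not match the remote ID on the remote endpoint")
    if subject != req["ike_local_id"].strip():
        warnings.append("IKE policy local ID differs from the subject name")
    # Steps 19, 20, 23: reject values the window does not offer.
    for field, allowed in (("cert_type", CERT_TYPES), ("encryption", ENC_ALGS),
                           ("key_size", KEY_SIZES)):
        if req[field] not in allowed:
            errors.append(f"{field}={req[field]!r} is not one of {allowed}")
    # Step 22: 1 to 31 alphanumeric characters, unique per private key.
    key_id = req["key_identifier"]
    if not re.fullmatch(r"[A-Za-z0-9]{1,31}", key_id):
        errors.append("key identifier must be 1-31 alphanumeric characters")
    elif key_id in existing_key_ids:
        errors.append("key identifier is already used by another private key")
    # Weak-option warnings are an addition here, not statements from the guide.
    if req["cert_type"] == "RSA-MD5":
        warnings.append("RSA-MD5: MD5 signatures are collision-prone; prefer RSA-SHA-1 here")
    if req["encryption"] == "DES":
        warnings.append("DES: 56-bit key; prefer 3DES here")
    if req["key_size"] in (512, 1024):
        warnings.append(f"{req['key_size']}-bit RSA is below current guidance; prefer 2048")
    return errors, warnings

# Constructed sample values, not taken from the guide.
SAMPLE = {"subject_name": "/CN=tms1.example.com", "ike_local_id": "/CN=tms1.example.com",
          "remote_endpoint_remote_id": "/CN=tms1.example.com", "cert_type": "RSA-MD5",
          "encryption": "DES", "key_identifier": "tms1key", "key_size": 1024}

if __name__ == "__main__":
    for msg in sum(check_scep_request(SAMPLE, {"oldkey"}), []):
        print(msg)
```

With the sample values the check reports no errors and three warnings, one for each weak option selected.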