HP FlexNetwork 10500 Series Security Configuration Manual page 254

Hide thumbs Also See for FlexNetwork 10500 Series:
Table of Contents

Advertisement

Configuration procedure
1.
Make sure the device, the host, and the CA server can reach each other. (Details not shown.)
2.
Configure the device:
# Create a PKI entity named en. Specify http-server1 as the common name and
ssl.security.com as the FQDN.
<Device> system-view
[Device] pki entity en
[Device-pki-entity-en] common-name http-server1
[Device-pki-entity-en] fqdn ssl.security.com
[Device-pki-entity-en] quit
# Create PKI domain 1 and specify CA server as the name of the trusted CA. Set the URL of
the registration server to http://10.1.2.2/certsrv/mscep/mscep.dll, the authority for certificate
request to RA, and the entity for certificate request to en.
[Device] pki domain 1
[Device-pki-domain-1] ca identifier CA server
[Device-pki-domain-1] certificate request url
http://10.1.2.2/certsrv/mscep/mscep.dll
[Device-pki-domain-1] certificate request from ra
[Device-pki-domain-1] certificate request entity en
# Configure a general-purpose RSA key pair named abc and set the key modulus length to
1024 bits.
[Device-pki-domain-1] public-key rsa general name abc length 1024
[Device-pki-domain-1] quit
# Generate RSA key pair abc.
[Device] public-key local create rsa name abc
The range of public key size is (512 ~ 2048).
If the key modulus is greater than 512,it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys...
..........................++++++
.....................................++++++
Create the key pair successfully.
# Obtain the CA certificate.
[Device] pki retrieve-certificate domain 1 ca
The trusted CA's finger print is:
MD5
SHA1 fingerprint:DF6B C53A E645 5C81 D6FC 09B0 3459 DFD1 94F6 3DDE
Is the finger print correct?(Y/N):y
Retrieved the certificates successfully.
# Generate a local certificate request.
[Device] pki request-certificate domain 1
Start to request general certificate ...
Certificate requested successfully.
# Create an SSL server policy named myssl.
[Device] ssl server-policy myssl
# Specify PKI domain 1 for the SSL server policy.
[Device-ssl-server-policy-myssl] pki-domain 1
fingerprint:7682 5865 ACC2 7B16 6F52 D60F D998 4484
240

Advertisement

Table of Contents
loading

Table of Contents