Displaying and Maintaining PKI; PKI Configuration Examples - HP FlexNetwork 10500 Series Security Configuration Manual

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Create a certificate attribute group and enter its view.
   Command: pki certificate attribute-group group-name
   Remarks: By default, no certificate attribute groups exist.

3. (Optional.) Configure an attribute rule for issuer name, subject name, or alternative subject name.
   Command: attribute id { alt-subject-name { fqdn | ip } | { issuer-name | subject-name } { dn | fqdn | ip } } { ctn | equ | nctn | nequ } attribute-value
   Remarks: By default, no attribute rules are configured.

4. Return to system view.
   Command: quit
   Remarks: N/A

5. Create a certificate-based access control policy and enter its view.
   Command: pki certificate access-control-policy policy-name
   Remarks: By default, no certificate-based access control policy exists.

6. Create a certificate access control rule.
   Command: rule [ id ] { deny | permit } group-name
   Remarks: By default, no certificate access control rules are configured, and all certificates can pass the verification. You can create multiple certificate access control rules for a certificate-based access control policy.

Displaying and maintaining PKI

Execute display commands in any view.

- Display the contents of a certificate.
  Command: display pki certificate domain domain-name { ca | local | peer [ serial serial-num ] }

- Display certificate request status.
  Command: display pki certificate request-status [ domain domain-name ]

- Display locally stored CRLs in a PKI domain.
  Command: display pki crl domain domain-name

- Display certificate attribute group information.
  Command: display pki certificate attribute-group [ group-name ]

- Display certificate-based access control policy information.
  Command: display pki certificate access-control-policy [ policy-name ]

PKI configuration examples

You can use different software applications, such as Windows server, RSA Keon, and OpenCA, to act as the CA server.

If you use Windows server or OpenCA, you must install the SCEP add-on for Windows server or enable SCEP for OpenCA. In either case, when you configure a PKI domain, you must use the certificate request from ra command to specify the RA to accept certificate requests.

If you use RSA Keon, the SCEP add-on is not required. When you configure a PKI domain, you must use the certificate request from ca command to specify the CA to accept certificate requests.
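A worked pass through the six-step certificate attribute group and access control policy procedure on this page, followed by the display commands that confirm the result. This is an added example, not taken from the HP manual: the names mygroup1, mygroup2 and myacp and every attribute value are constructed, and lines starting with # are annotations rather than commands.

```text
# Step 1: enter system view.
system-view

# Steps 2-4: attribute group for certificates this device should accept.
# Rule 1: subject name (DN) contains "example-corp"              (ctn  = contains)
# Rule 2: alternative subject name FQDN is not the retired host  (nequ = not equal)
pki certificate attribute-group mygroup1
 attribute 1 subject-name dn ctn example-corp
 attribute 2 alt-subject-name fqdn nequ retired.example.com
 quit

# Steps 2-4 again: a second group describing certificates to reject,
# here anything whose issuer name (DN) contains "test-ca".
pki certificate attribute-group mygroup2
 attribute 1 issuer-name dn ctn test-ca
 quit

# Steps 5-6: one policy holding several rules, each tying an action
# (deny or permit) to an attribute group. Until at least one rule exists,
# all certificates pass the verification, so add rules before relying on it.
pki certificate access-control-policy myacp
 rule 1 deny mygroup2
 rule 2 permit mygroup1
 quit

# Verify what was stored (display commands run in any view).
display pki certificate attribute-group mygroup1
display pki certificate attribute-group mygroup2
display pki certificate access-control-policy myacp
```

Reviewing the display output after each change is the quickest way to catch a rule bound to the wrong group or a mistyped attribute value.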
