HP 5920 Series Configuration Manual page 202
Hide thumbs
Also See for 5920 Series:
- Command reference manual (607 pages) ,
- Configuration manual (322 pages) ,
- Fc and fcoe configuration manual (257 pages)
Table of Contents
Advertisement
Step
9.
Enter a fingerprint to
be matched against
the fingerprint of the
root CA certificate.
10.
Specify the key pair for
certificate request.
11.
(Optional.) Specify the
intended use for the
certificate.
12.
Specify a source IP
address for the PKI
protocol packets.
Command
In non-FIPS mode:
root-certificate fingerprint { md5 | sha1 }
string
In FIPS mode:
root-certificate fingerprint sha1 string
•
Specify an RSA key pair:
public-key rsa { { encryption name
encryption-key-name [ length
key-length ] | signature name
signature-key-name [ length
key-length ] } * | general name
key-name [ length key-length ] }
•
Specify a DSA key pair:
public-key dsa name key-name
[ length key-length ]
usage { ike | ssl-client | ssl-server } *
•
Specify the source IPv4 address for the
PKI protocol packets:
source ip { ip-address | interface
{interface-type interface-number }
•
Specify the source IPv6 address for the
PKI protocol packets:
source ipv6 { ipv6-address | interface
{ interface-type interface-number }}
191
Remarks
Before a PKI entity can enroll with a
CA, it must authenticate the CA by
obtaining the self-signed certificate
of the CA and verifying the
fingerprint of the CA certificate.
If a fingerprint is not entered in the
PKI domain, and if the CA
certificate is imported or obtained
through manual certificate request,
you must verify the fingerprint that
is displayed during authentication
of the CA certificate.
If the CA certificate is obtained
through automatic certificate
request, the certificate will be
rejected if a fingerprint has not
been entered.
By default, no fingerprint is
specified.
Use at either command.
By default, no key pair is specified.
You can specify a non-existing key
pair, which is generated during the
certificate application.
For information about how to
generate DSA and RSA key pairs,
see
"Managing public
keys."
By default, the certificate can be
used by all applications, including
IKE, SSL clients, and SSL server.
The extension options contained in
an issued certificate depend on the
CA policy, and they might be
different from those specified in the
PKI domain.
This task is required if the CA
policy requires that the CA server
accept certificate requests from a
specific IP address or subnet.
By default, the source IP address of
PKI protocol packets is the IP
address of their outgoing interface.
- Quick Links:
- Configuration Guide
- Configuring Local Users
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
