HP 5920 Series Configuration Manual page 214
Hide thumbs
Also See for 5920 Series:
- Command reference manual (607 pages) ,
- Configuration manual (322 pages) ,
- Fc and fcoe configuration manual (257 pages)
Table of Contents
Advertisement
a.
Select Control Panel > Add or Remove Programs from the start menu.
b.
Select Add/Remove Windows Components > Certificate Services.
c.
Click Next to begin the installation.
d.
Set the CA name. In this example, set the CA name to myca.
2.
Install the SCEP add-on:
By default, Windows Server 2003 does not support SCEP. You must install the SCEP add-on on the
server for a PKI entity to register and obtain a certificate from the server. After the SCEP add-on
installation is complete, you will see a URL. Specify this URL as the certificate request URL on the
device.
3.
Modify the certificate service attributes:
a.
Select Control Panel > Administrative Tools > Certificate Authority from the start menu.
If the certificate service component and SCEP add-on have been installed successfully, there
should be two certificates issued by the CA to the RA.
b.
Right-click the CA server in the navigation tree and select Properties > Policy Module.
c.
Click Properties, and then select Follow the settings in the certificate template, if applicable.
Otherwise, automatically issue the certificate.
4.
Modify the Internet information services attributes:
a.
Select Control Panel > Administrative Tools > Internet Information Services (IIS) Manager from
the start menu.
b.
Select Web Sites from the navigation tree.
c.
Right-click Default Web Site and select Properties > Home Directory.
d.
Specify the path for certificate service in the Local path box.
e.
Specify a unique TCP port number for the default website to avoid conflict with existing services.
In this example, port 8080 is used.
Configuring the device
1.
Synchronize the system time of the device with the CA server, so that the device can correctly
request a certificate. (Details not shown.)
2.
Create an entity named aaa with the common name as test.
<Device> system-view
[Device] pki entity aaa
[Device-pki-entity-aaa] common-name test
[Device-pki-entity-aaa] quit
3.
Configure a PKI domain:
# Create a PKI domain named winserver and enter its view.
[Device] pki domain winserver
# Specify the name of the trusted CA as myca.
[Device-pki-domain-winserver] ca identifier myca
# Configure the URL of the registration server in the form of
http://host:port/certsrv/mscep/mscep.dll, where host:port is the host IP address and port number
of the CA server.
[Device-pki-domain-winserver] certificate request url
http://4.4.4.1:8080/certsrv/mscep/mscep.dll
# Specify the RA to accept certificate requests.
203
- Quick Links:
- Configuration Guide
- Configuring Local Users
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
