Displaying And Maintaining Pki; Pki Configuration Examples; Certificate Request From An Rsa Keon Ca Server - HP 5920 Series Configuration Manual

Step
6. Create a certificate access
control rule (or statement).

Displaying and maintaining PKI

Execute display commands in any view.
Task
Display the contents of a certificate.
Display certificate request status.
Display locally stored CRLs.
Display certificate attribute group
information.
Display certificate access control policy
information.

PKI configuration examples

You can use different software applications, such as Windows server, RSA Keon, and OpenCA, to act as
the CA server.
If you use Windows server or OpenCA, install the SCEP add-on for Windows server or enable SCEP for
OpenCA. In either case, when you configure a PKI domain, you must use the certificate request from ra
command to specify the RA to accept certificate requests for PKI entity enrollment to an RA.
If you use RSA Keon, the SCEP add-on is not required. When you configure a PKI domain, you must use
the certificate request from ca command to specify the CA to accept certificate requests for PKI entity
enrollment to a CA.

Certificate request from an RSA Keon CA server

Network requirements
Configure the PKI entity (the Device) to request a local certificate from the CA server.
Figure 42 Network diagram
Command
rule [ id ] { deny | permit }
group-name
Command
display pki certificate domain domain-name { ca | local | peer
[ serial serial-num ] }
display pki certificate request-status [ domain domain-name ]
display pki crl domain domain-name
display pki certificate attribute-group [ group-name ]
display pki certificate access-control-policy [ policy-name ]
132
Remarks
By default, no statement is
configured, and all certificates can
pass the verification.
You can create multiple statements
for a certificate access control
policy.