Manually Requesting A Certificate - HP VSR1000 Security Configuration Manual

entity automatically submits a certificate request and saves the certificate locally after obtaining it from
the CA.
A CA certificate must be present before you request a local certificate. If no CA certificate exists in the PKI
domain, the PKI entity automatically obtains a CA certificate before sending a certificate request.
Configuration guidelines
Make sure the system time is synchronized with the CA server. Otherwise, the certificate request
•
process might fail because the certificate might be regarded out of the validity period. For
information about how to change the system time, see Fundamentals Configuration Guide.
If a local certificate exists, do not use the public-key local create or public-key local destroy
•
command to generate or destroy a key pair with the same name as the key pair in the existing local
certificate. Otherwise, the existing local certificate becomes unavailable. To request a new local
certificate, use the pki delete-certificate command to remove the existing local certificate, and then
use the public-key local create or public-key local destroy command to generate a new key pair or
destroy the key pair associated with the original local certificate.
Configuration procedure
To configure automatic certificate request:
Step
1. Enter system view.
2. Enter PKI domain view.
3. Set the certificate request
mode to auto.

Manually requesting a certificate

IMPORTANT:
Before you manually request a certificate, make sure the system time of the device is synchronized with the
CA server. Otherwise, the device might fail to request the certificate because it regards the certificate out
of the validity period. For information about how to change the system time, see
Configuration Guide
Before you manually submit a certificate request, make sure the CA certificate exists and a key pair is
specified for the PKI domain:
The CA certificate is used to verify the authenticity and validity of the obtained local certificate.
•
• The key pair is used for certificate request. Upon receiving the public key and the identity
information, the CA signs and issues a certificate.
After the CA issues the certificate, the device obtains and saves it locally.
Command
system-view
pki domain domain-name
certificate request mode auto [ password
{ cipher | simple } password ]
.
140
Remarks
N/A
N/A
By default, the manual
request mode applies.
In auto request mode, set a
password for certificate
revocation if the CA policy
requires the password.
Fundamentals