HP 3600 v2 Series Security Configuration Manual page 256

Fingerprint for root certificate verification—After receiving the root certificate of the CA, an entity
needs to verify the fingerprint of the root certificate, namely, the hash value of the root certificate
content. This hash value is unique to every certificate. If the fingerprint of the root certificate does not
match the one configured for the PKI domain, the entity will reject the root certificate.
Follow these steps to configure a PKI domain:

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Create a PKI domain and enter its view | pki domain domain-name | Required. No PKI domain exists by default. |
| Specify the trusted CA | ca identifier name | Required. No trusted CA is specified by default. |
| Specify the entity for certificate request | certificate request entity entity-name | Required. No entity is specified by default. The specified entity must exist. |
| Specify the authority for certificate request | certificate request from { ca \| ra } | Required. No authority is specified by default. |
| Configure the certificate request URL | certificate request url url-string | Required. No certificate request URL is configured by default. |
| Configure the polling interval and attempt limit for querying the certificate request status | certificate request polling { count count \| interval minutes } | Optional. The polling is executed for up to 50 times at the interval of 20 minutes by default. |
| Specify the LDAP server | ldap-server ip ip-address [ port port-number ] [ version version-number ] | Optional. No LDAP server is specified by default. |
| Configure the fingerprint for root certificate verification | root-certificate fingerprint { md5 \| sha1 } string | Required when the certificate request mode is auto and optional when the certificate request mode is manual. In the latter case, if you do not configure this command, the fingerprint of the root certificate must be verified manually. No fingerprint is configured by default. |

NOTE:
Up to two PKI domains can be created on a switch.
The CA name is required only when you retrieve a CA certificate. It is not used in a local certificate request.
The certificate request URL does not support domain name resolution.
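
The script below is an added example, not part of the HP manual. It computes the root certificate fingerprint on a management workstation from a CA certificate obtained out of band, and checks it against the value the CA publishes before that value is entered with root-certificate fingerprint. Assumptions: the fingerprint is the hash of the certificate's DER encoding, the switch takes it as a plain hexadecimal string, the function names are illustrative, and the sample bytes are constructed stand-ins rather than a real certificate.

```python
import base64
import hashlib
import hmac
import re

# The two algorithms the command offers, with their hex digest lengths.
# sha1 is the stronger of the two.
ALGORITHMS = {"md5": 32, "sha1": 40}

# Constructed stand-in input (NOT a real certificate), in raw and PEM-wrapped form.
SAMPLE_DER = b"abc"
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"

def to_der(data: bytes) -> bytes:
    """Return DER bytes, unwrapping the first PEM CERTIFICATE block if present."""
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  data, re.S)
    return base64.b64decode(b"".join(m.group(1).split())) if m else data

def fingerprint(cert: bytes, algorithm: str = "sha1") -> str:
    """Hash of the certificate's DER encoding, as lowercase hex."""
    if algorithm not in ALGORITHMS:
        raise ValueError("algorithm must be md5 or sha1")
    return hashlib.new(algorithm, to_der(cert)).hexdigest()

def normalize(published: str, algorithm: str) -> str:
    """Drop ':' and whitespace, lowercase, and enforce the expected length."""
    digits = re.sub(r"[:\s]", "", published).lower()
    if not re.fullmatch(r"[0-9a-f]{%d}" % ALGORITHMS[algorithm], digits):
        raise ValueError("not a valid %s fingerprint" % algorithm)
    return digits

def matches(cert: bytes, published: str, algorithm: str = "sha1") -> bool:
    """Compare the computed fingerprint with the one published by the CA."""
    return hmac.compare_digest(fingerprint(cert, algorithm),
                               normalize(published, algorithm))

def config_line(cert: bytes, published: str, algorithm: str = "sha1") -> str:
    """Emit the PKI domain command only if the certificate matches."""
    if not matches(cert, published, algorithm):
        raise ValueError("fingerprint mismatch: do not trust this certificate")
    return "root-certificate fingerprint %s %s" % (algorithm,
                                                   fingerprint(cert, algorithm))

if __name__ == "__main__":
    published = "A9:99:3E:36:47:06:81:6A:BA:3E:25:71:78:50:C2:6C:9C:D0:D8:9D"
    print(config_line(SAMPLE_PEM, published))
```

PEM and DER copies of the same certificate give the same fingerprint, because the hash is taken over the decoded DER bytes.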


This manual is also suitable for:

A3100-48 v2
