Setting global password control parameters ············································································································ 198

Setting user group password control parameters ····································································································· 199

Setting local user password control parameters ······································································································· 200

Setting super password control parameters ·············································································································· 201

Displaying and maintaining password control ········································································································· 202

Password control configuration example ·················································································································· 202

Network requirements ········································································································································· 202

Configuration procedure ···································································································································· 203

Verifying the configuration ································································································································· 204

Managing public keys ············································································································································ 206

Overview ······································································································································································· 206

FIPS compliance ··························································································································································· 206

Creating a local key pair ············································································································································ 207

Configuration guidelines ···································································································································· 207

Distributing a local host public key ···························································································································· 208

Exporting a host public key ································································································································ 208

Displaying a host public key ······························································································································ 209

Destroying a local key pair ········································································································································· 209

Configuring a peer host public key ···························································································································· 210

Importing a peer host public key from a public key file ·················································································· 210

Entering a peer host public key ························································································································· 210

Displaying and maintaining public keys ··················································································································· 211

Examples of public key management ························································································································ 211

Example for entering a peer host public key ···································································································· 211

Example for importing a public key from a public key file ············································································· 213

Configuring PKI ······················································································································································· 216

PKI terminology ···················································································································································· 216

PKI architecture ···················································································································································· 217

PKI operation ······················································································································································· 218

PKI applications ··················································································································································· 218

PKI configuration task list ············································································································································ 218

Configuring a PKI entity ·············································································································································· 219

Configuring a PKI domain ··········································································································································· 220

Requesting a certificate ··············································································································································· 222

Configuring automatic certificate request ········································································································· 223

Manually requesting a certificate ······················································································································ 223

Aborting a certificate request ····································································································································· 224

Obtaining certificates ·················································································································································· 224

Configuration prerequisites ································································································································ 224

Verifying PKI certificates ·············································································································································· 225

Verifying certificates with CRL checking ··········································································································· 226

Verifying certificates without CRL checking ······································································································ 226

Specifying the storage path for the certificates and CRLs ······················································································· 227

Exporting certificates ··················································································································································· 227

Removing a certificate ················································································································································· 228

Configuring a certificate-based access control policy ····························································································· 228

Displaying and maintaining PKI ································································································································· 229