HP FlexNetwork 10500 Series Security Configuration Manual page 261
Hide thumbs
Also See for FlexNetwork 10500 Series:
- Configuration manual (512 pages) ,
- Specifications (42 pages) ,
- Datasheet (20 pages)
Table of Contents
Advertisement
Step
7.
(Optional.) Set the
SCEP polling interval
and maximum
number of polling
attempts.
8.
(Optional.) Specify
the LDAP server.
9.
Enter a fingerprint to
be matched against
the fingerprint of the
root CA certificate.
10. Specify the key pair
for certificate request.
Command
certificate request polling { count
count | interval minutes }
ldap-server host hostname [ port
port-number ] [ vpn-instance
vpn-instance-name ]
•
In non-FIPS mode:
root-certificate fingerprint { md5 |
sha1 } string
•
In FIPS mode:
root-certificate fingerprint sha1
string
•
Specify an RSA key pair:
public-key rsa { { encryption
name encryption-key-name
[ length key-length ] | signature
name signature-key-name [ length
key-length ] } * | general name
key-name [ length key-length ] }
•
Specify an ECDSA key pair:
public-key ecdsa name key-name
[ secp192r1 | secp256r1 |
secp384r1 | secp521r1 ]
•
Specify a DSA key pair:
public-key dsa name key-name
[ length key-length ]
247
Remarks
By default, the device polls the CA
server for the certificate request
status every 20 minutes. The
maximum number of polling
attempts is 50.
This task is required only when
the CRL repository is an LDAP
server and the URL of the CRL
repository does not contain the
host name of the LDAP server.
By default, no LDAP server is
specified.
Before a PKI entity can enroll with
a CA, it must authenticate the CA
by obtaining the self-signed
certificate of the CA and verifying
the fingerprint of the CA
certificate.
If a fingerprint is not entered in the
PKI domain, and if the CA
certificate is imported or obtained
through manual certificate
request, you must verify the
fingerprint that is displayed during
authentication of the CA
certificate.
If the CA certificate is obtained
through automatic certificate
request, the certificate will be
rejected if a fingerprint has not
been entered.
By default, no fingerprint is
specified.
By default, no key pair is
specified.
If the specified key pair does not
exist, the PKI entity automatically
creates the key pair before
submitting a certificate request.
For information about how to
generate DSA, ECDSA, and RSA
key pairs, see
"Managing public
keys."
Advertisement
Table of Contents
Troubleshooting
