Configuring HABP ··················································································································································· 233
Overview ······································································································································································· 233
Configuring HABP ························································································································································ 234
Configuring the HABP server ····························································································································· 234
Configuring an HABP client ······························································································································· 234
Displaying and maintaining HABP ····························································································································· 235
HABP configuration example ······································································································································ 235
Managing public keys ············································································································································ 238
Overview ······································································································································································· 238
FIPS compliance ··························································································································································· 238
Configuration task list ·················································································································································· 239
Configuring PKI ······················································································································································· 248
Overview ······································································································································································· 248
PKI terms ······························································································································································· 248
PKI architecture ···················································································································································· 249
PKI operation ······················································································································································· 250
PKI applications ··················································································································································· 250
PKI configuration task list ············································································································································ 250
Configuring an entity DN ············································································································································ 251
Configuring a PKI domain ··········································································································································· 252
Configuration guidelines ···································································································································· 253
Configuration procedure ···································································································································· 253
Retrieving a certificate manually ································································································································ 256
Configuration guidelines ···································································································································· 256
Configuration procedure ···································································································································· 256
Configuration guidelines ···································································································································· 257
Destroying a local RSA key pair ································································································································ 258
Deleting a certificate ···················································································································································· 258
Displaying and maintaining PKI ································································································································· 259
PKI configuration examples ········································································································································· 259
Troubleshooting PKI ····················································································································································· 267
Failed to retrieve CRLs ········································································································································ 268
vi