Configuring HABP ··················································································································································· 233

Overview ······································································································································································· 233

Configuring the HABP server ····························································································································· 234

Configuring an HABP client ······························································································································· 234

Displaying and maintaining HABP ····························································································································· 235

HABP configuration example ······································································································································ 235

Managing public keys ············································································································································ 238

FIPS compliance ··························································································································································· 238

Configuration task list ·················································································································································· 239

Creating a local asymmetric key pair ························································································································ 239

Displaying or exporting the local host public key ···································································································· 240

Destroying a local asymmetric key pair ···················································································································· 241

Specifying the peer public key on the local device ·································································································· 242

Displaying and maintaining public keys ··················································································································· 243

Public key configuration examples ····························································································································· 243

Manually specifying the peer public key on the local device ········································································ 243

Importing a peer public key from a public key file ·························································································· 245

Configuring PKI ······················································································································································· 248

PKI terms ······························································································································································· 248

PKI architecture ···················································································································································· 249

PKI operation ······················································································································································· 250

PKI applications ··················································································································································· 250

PKI configuration task list ············································································································································ 250

Configuring an entity DN ············································································································································ 251

Configuring a PKI domain ··········································································································································· 252

Configuration guidelines ···································································································································· 253

Configuration procedure ···································································································································· 253

Submitting a PKI certificate request ···························································································································· 254

Submitting a certificate request in auto mode ·································································································· 254

Submitting a certificate request in manual mode ····························································································· 254

Retrieving a certificate manually ································································································································ 256

Configuring PKI certificate verification ······················································································································ 256

Configuring CRL-checking-enabled PKI certificate verification ······································································· 257

Configuring CRL-checking-disabled PKI certificate verification ······································································ 257

Destroying a local RSA key pair ································································································································ 258

Deleting a certificate ···················································································································································· 258

Configuring an access control policy ························································································································ 258

Displaying and maintaining PKI ································································································································· 259

PKI configuration examples ········································································································································· 259

Certificate request from an RSA Keon CA server ···························································································· 260

Certificate request from a Windows 2003 CA server ···················································································· 263

Certificate attribute access control policy configuration example ································································· 266

Troubleshooting PKI ····················································································································································· 267

Failed to retrieve a CA certificate ······················································································································ 267

Failed to request a local certificate ··················································································································· 268

Failed to retrieve CRLs ········································································································································ 268

Table of Contents

HP 3600 v2 Series Configuration Manual page 8

Troubleshooting

Related Manuals for HP 3600 v2 Series

Related Products for HP 3600 v2 Series

Table of Contents