1846 CHAPTER 97: PKI CONFIGURATION
Configuring a Certificate Attribute-Based Access Control Policy
# Set the registration authority to RA.
[RouterB-pki-domain-1] certificate request from ra
# Configure the URL for the CRL distribution. This is not necessary if CRL checking is disabled.
[RouterB-pki-domain-1] crl url ldap://2.1.1.102
[RouterB-pki-domain-1] quit
# Create a local key pair using RSA.
[RouterB-pki-entity-en] quit
[RouterB] public-key local create rsa
# Request a certificate.
[RouterB] pki retrieval-certificate ca domain 1
[RouterB] pki retrieval-crl domain 1
[RouterB] pki request-certificate domain 1
# Configure IKE proposal 1, using RSA signature for identity authentication.
[RouterB] ike proposal 1
[RouterB-ike-proposal-1] authentication-method rsa-signature
[RouterB-ike-proposal-1] quit
# Specify the PKI domain for the IKE peer.
[RouterB] ike peer peer
[RouterB-ike-peer-peer] certificate domain 1
The above configuration procedure covers only the configurations for IKE negotiation using RSA digital signature. For an IPSec tunnel to be established, you also need to perform IPSec configurations. For information about IPSec configuration, refer to "IPSec Configuration" on page 1877.

Network requirements
■ The client accesses the remote HTTPS server through the HTTP security (HTTPS) protocol.
■ SSL is configured to ensure that only legitimate clients log into the HTTPS server.
■ Create a certificate attribute-based access control policy to control access to the HTTPS server.