HP 6125G Configuration Manual page 66

Fundamentals configuration guide

Hide thumbs Also See for 6125G:

Command reference manual (426 pages)

Configuration manual (379 pages)

Release note (60 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

Table of Contents

# Configure a PKI entity, configure the common name of the entity as http-server1, and the FQDN

of the entity as ssl.security.com.

<Device> system-view

[Device] pki entity en

[Device-pki-entity-en] common-name http-server1

[Device-pki-entity-en] fqdn ssl.security.com

[Device-pki-entity-en] quit

# Create a PKI domain, specify the trusted CA as new-ca, the URL of the server for certificate

request as http://10.1.2.2/certsrv/mscep/mscep.dll, authority for certificate request as RA, and

the entity for certificate request as en.

[Device] pki domain 1

[Device-pki-domain-1] ca identifier new-ca

[Device-pki-domain-1] certificate request url

http://10.1.2.2/certsrv/mscep/mscep.dll

[Device-pki-domain-1] certificate request from ra

[Device-pki-domain-1] certificate request entity en

[Device-pki-domain-1] quit

# Create RSA local key pairs.

[Device] public-key loc al create rsa

# Retrieve the CA certificate from the certificate issuing server.

[Device] pki retrieval-certificate ca domain 1

# Request a local certificate from a CA through SCEP for the device.

[Device] pki request-certificate domain 1

# Create an SSL server policy myssl, specify PKI domain 1 for the SSL server policy, and enable

certificate-based SSL client authentication.

[Device] ssl server-policy myssl

[Device-ssl-server-policy-myssl] pki-domain 1

[Device-ssl-server-policy-myssl] client-verify enable

[Device-ssl-server-policy-myssl] quit

# Create a certificate attribute group mygroup1, and configure a certificate attribute rule,

specifying that the distinguished name in the subject name includes the string of new-ca.

[Device] pki certificate attribute-group mygroup1

[Device-pki-cert-attribute-group-mygroup1] attribute 1 issuer-name dn ctn new-ca

[Device-pki-cert-attribute-group-mygroup1] quit

# Create a certificate attribute-based access control policy myacp. Configure a certificate

attribute-based access control rule, specifying that a certificate is considered valid when it matches

an attribute rule in certificate attribute group myacp.

[Device] pki certificate access-control-policy myacp

[Device-pki-cert-acp-myacp] rule 1 permit mygroup1

[Device-pki-cert-acp-myacp] quit

# Associate the HTTPS service with SSL server policy myssl.

[Device] ip https ssl-server-policy myssl

# Associate the HTTPS service with certificate attribute-based access control policy myacp.

[Device] ip https certificate access-control-policy myacp

# Enable the HTTPS service.

[Device] ip https enable

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

This manual is also suitable for:

5500 hi series 6125 blade switch series

HP 6125G Configuration Manual page 66

Hide quick links:

Related Manuals for HP 6125G

Related Products for HP 6125G

This manual is also suitable for:

Table of Contents