Configuring Automatic Certificate Request; Manually Requesting A Certificate - HP 5920 Series Configuration Manual

Configuring automatic certificate request

IMPORTANT:
If an automatically requested certificate will soon expire or has expired, the entity does not initiate a
re-request to the CA automatically, and the applications using the certificate might be interrupted.

In auto request mode, a PKI entity automatically submits a certificate request to the CA when an
application works with the PKI entity that does not have a local certificate. The entity saves the certificate
locally after obtaining it from the CA.

A CA certificate must be present before you request a local certificate. If no CA certificate exists in the PKI
domain, the PKI entity automatically obtains a CA certificate before sending a certificate request.

Configuration guidelines

Make sure the system time is synchronized with the CA server. Otherwise, the certificate request
process might fail because the certificate might be regarded as outside its validity period. For
information about how to change the system time, see Fundamentals Configuration Guide.

If a local certificate exists, do not use the public-key local create or public-key local destroy
command to generate or destroy a key pair with the same name as the key pair in the existing local
certificate. Otherwise, the existing local certificate becomes unavailable. To request a new local
certificate, use the pki delete-certificate command to remove the existing local certificate, and then
use the public-key local create or public-key local destroy command to generate a new key pair or
destroy the key pair associated with the original local certificate.

Configuration procedure

To configure automatic certificate request:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Enter PKI domain view.
  Command: pki domain domain-name
  Remarks: N/A

Step 3. Set the certificate request mode to auto.
  Command: certificate request mode auto [ password { cipher | simple } password ]
  Remarks: By default, the manual request mode applies. In auto request mode, set a password for
  certificate revocation if the CA policy requires the password.

Manually requesting a certificate

IMPORTANT:
Before you manually request a certificate, make sure the system time of the device is synchronized with the
CA server. Otherwise, the device might fail to request the certificate because it regards the certificate as
outside its validity period. For information about how to change the system time, see Fundamentals
Configuration Guide.

Before you manually submit a certificate request, make sure the CA certificate exists and a key pair is
specified for the PKI domain:
The CA certificate is used to verify the authenticity and validity of the obtained local certificate.
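
Both IMPORTANT notes above come down to comparing the device clock with the certificate's validity period, and the first one means an expiring certificate has to be caught by monitoring. The following is an added example, not part of the HP manual: a Python check that classifies a certificate against a given device time. It assumes the validity fields are available as text in the layout printed by openssl x509 -noout -text; the sample text, function names and 30-day warning window are constructed for illustration.

```python
import re
import ssl
from datetime import datetime, timedelta, timezone

# Constructed sample: validity fields laid out as `openssl x509 -noout -text`
# prints them. It is not output captured from a switch or a real CA.
SAMPLE_CERT_TEXT = """\
        Validity
            Not Before: Mar  1 08:00:00 2024 GMT
            Not After : Mar  1 08:00:00 2025 GMT
"""

FIELD = re.compile(r"Not (Before|After)\s*:\s*(.+?)\s*$", re.MULTILINE)


def parse_validity(text):
    """Return (not_before, not_after) as timezone-aware UTC datetimes."""
    found = {m.group(1): m.group(2) for m in FIELD.finditer(text)}
    if set(found) != {"Before", "After"}:
        raise ValueError("Not Before / Not After fields not found")

    def to_utc(stamp):
        # ssl.cert_time_to_seconds parses the "Mon DD HH:MM:SS YYYY GMT" form.
        return datetime.fromtimestamp(ssl.cert_time_to_seconds(stamp), timezone.utc)

    return to_utc(found["Before"]), to_utc(found["After"])


def check_validity(text, device_time, warn_window=timedelta(days=30)):
    """Classify the certificate as seen from the device's own clock."""
    not_before, not_after = parse_validity(text)
    if device_time < not_before:
        # Device clock is earlier than Not Before, for example behind the CA.
        return "NOT_YET_VALID"
    if device_time > not_after:
        # In auto request mode the entity does not re-request on its own.
        return "EXPIRED"
    if not_after - device_time <= warn_window:
        return "EXPIRING_SOON"
    return "OK"


if __name__ == "__main__":
    # Hypothetical usage: evaluate the sample against the local UTC clock.
    print(check_validity(SAMPLE_CERT_TEXT, datetime.now(timezone.utc)))
```

Passing the time reported by the device rather than the monitoring host's time shows the result the device itself would reach.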
