Retrieving A Certificate Manually - HP A6600 Configuration Manual

To submit a certificate request in manual mode:

1. Enter system view.
   Command: system-view
2. Enter PKI domain view.
   Command: pki domain domain-name
3. Set the certificate request mode to manual.
   Command: certificate request mode manual
   Remarks: Optional. Manual by default.
4. Return to system view.
   Command: quit
5. Retrieve a CA certificate manually.
   Command: See "Retrieving a certificate manually."
   Remarks: Required.
6. Generate a local RSA or DSA key pair.
   Command: public-key local create { dsa | rsa }
   Remarks: Required.
7. Submit a local certificate request manually.
   Command: pki request-certificate domain domain-name [ password ] [ pkcs10 [ filename filename ] ]
   Remarks: Required.

NOTE:
- If a PKI domain already has a local certificate, creating an RSA key pair results in inconsistency between the key pair and the certificate. To generate a new RSA key pair, delete the local certificate and then issue the public-key local create command. For more information, see Security Command Reference.
- A newly created key pair overwrites the existing one. If you perform public-key local create in the presence of a local RSA or DSA key pair, the system asks whether you want to overwrite the existing one.
- If a PKI domain already has a local certificate, you cannot request another certificate for it. This helps avoid inconsistency between the certificate and the registration information resulting from configuration changes. Before requesting a new certificate, use pki delete-certificate to delete the existing local certificate and the CA certificate stored locally.
- When it is impossible to request a certificate from the CA through SCEP, print the request information or save the request information to a local file, and then send the printed information or saved file to the CA by an out-of-band means. To print the request information, use pki request-certificate domain with the pkcs10 keyword. To save the request information to a local file, use pki request-certificate domain with the pkcs10 filename filename keyword and argument combination.
- Make sure that the clocks of the entity and the CA are synchronized. Otherwise, the validity period of the certificate will be abnormal.
- The pki request-certificate domain configuration is not saved in the configuration file.

Retrieving a certificate manually

You can download CA certificates, local certificates, or peer entity certificates from the CA server and save them locally. To do so, use either the offline mode or the online mode. In offline mode, you must retrieve a certificate by an out-of-band means like FTP, disk, or email and then import it into the local PKI system.

Certificate retrieval serves the following purposes:
- Locally stores the certificates associated with the local security domain for improved query efficiency and reduced query count
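
In offline mode the certificate file arrives over FTP, disk, or email, so its fingerprint should be compared with one obtained from the CA administrator through a separate channel before it is imported. The following Python is an added example, not part of the HP manual; the function names and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import ssl


def cert_to_der(data: bytes) -> bytes:
    """Return DER bytes for a certificate file that is either PEM or DER."""
    text = data.strip()
    if text.startswith(b"-----BEGIN CERTIFICATE-----"):
        return ssl.PEM_cert_to_DER_cert(text.decode("ascii"))
    return data


def fingerprint(data: bytes, algo: str = "sha256") -> str:
    """Lowercase hex digest of the certificate's DER encoding."""
    return hashlib.new(algo, cert_to_der(data)).hexdigest()


def normalize(fp: str) -> str:
    """Drop separators and case so '3A:9F ...' and '3a9f...' compare equal."""
    return "".join(c for c in fp.lower() if c in "0123456789abcdef")


def safe_to_import(data: bytes, trusted_fp: str, algo: str = "sha256") -> bool:
    """True only if the file's fingerprint equals the separately obtained one."""
    expected = normalize(trusted_fp)
    if len(expected) != hashlib.new(algo).digest_size * 2:
        return False  # truncated or wrong-algorithm fingerprint: refuse
    return hmac.compare_digest(fingerprint(data, algo), expected)


# Constructed stand-in bytes (a tiny DER SEQUENCE), not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020101")
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode("ascii")

if __name__ == "__main__":
    fp = fingerprint(SAMPLE_DER)
    shown = ":".join(fp[i:i + 2] for i in range(0, len(fp), 2)).upper()
    print("fingerprint read out by the CA admin:", shown)
    print("PEM copy matches:", safe_to_import(SAMPLE_PEM, shown))
    tampered = SAMPLE_DER[:-1] + b"\x02"  # one byte changed in transit
    print("tampered copy matches:", safe_to_import(tampered, shown))
```

A file that is neither clean PEM nor DER, or a reference fingerprint of the wrong length, produces a mismatch, so the check fails closed.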
