HPE FlexFabric 7900 Series Security Configuration Manual page 4

Table of Contents
    Configuration guidelines
    Configuration procedure
  Distributing a local host public key
    Exporting a host public key in a specific format to a file
    Displaying a host public key in a specific format and saving it to a file
    Displaying a host public key
  Destroying a local key pair
  Configuring a peer public key
    Importing a peer host public key from a public key file
    Entering a peer public key
  Displaying and maintaining public keys
  Examples of public key management
    Example for entering a peer public key
    Example for importing a public key from a public key file
Configuring PKI
  Overview
    PKI terminology
    PKI architecture
    PKI operation
    PKI applications
    Support for MPLS L3VPN
  Feature and software version compatibility
  FIPS compliance
  PKI configuration task list
  Configuring a PKI entity
  Configuring a PKI domain
  Requesting a certificate
    Configuration guidelines
    Configuring automatic certificate request
    Manually requesting a certificate
  Aborting a certificate request
  Obtaining certificates
    Configuration prerequisites
    Configuration guidelines
    Configuration procedure
  Verifying PKI certificates
    Verifying certificates with CRL checking
    Verifying certificates without CRL checking
  Specifying the storage path for the certificates and CRLs
  Exporting certificates
  Removing a certificate
  Configuring a certificate-based access control policy
  Displaying and maintaining PKI
  PKI configuration examples
    Requesting a certificate from an RSA Keon CA server
    Requesting a certificate from a Windows Server 2003 CA server
    Requesting a certificate from an OpenCA server
    Certificate import and export configuration example
  Troubleshooting PKI configuration
    Failed to obtain the CA certificate
    Failed to obtain local certificates
    Failed to request local certificates
    Failed to obtain CRLs
    Failed to import the CA certificate
    Failed to import a local certificate
    Failed to export certificates
    Failed to set the storage path
Configuring SSL
  Overview
    SSL security services