HPE FlexFabric 7900 Series Security Configuration Manual page 79


  Remarks: Do not configure this command when you request a certificate in offline mode.

Step 7. (Optional.) Set the SCEP polling interval and maximum number of polling attempts.
  Command: certificate request polling { count count | interval minutes }
  Remarks: By default, the switch polls the CA server for the certificate request status every 20 minutes. The maximum number of polling attempts is 50.

Step 8. (Optional.) Specify the LDAP server.
  Command: ldap-server host hostname [ port port-number ] [ vpn-instance vpn-instance-name ]
  Remarks: This task is required only when the CRL repository is an LDAP server and the URL of the CRL repository does not contain the host name of the LDAP server.
    By default, no LDAP server is specified.

Step 9. Enter a fingerprint to be matched against the fingerprint of the root CA certificate.
  Command:
    In non-FIPS mode:
      root-certificate fingerprint { md5 | sha1 } string
    In FIPS mode:
      root-certificate fingerprint sha1 string
  Remarks: Before a PKI entity can enroll with a CA, it must authenticate the CA by obtaining the self-signed certificate of the CA and verifying the fingerprint of the CA certificate.
    If a fingerprint is not entered in the PKI domain, and if the CA certificate is imported or obtained through manual certificate request, you must verify the fingerprint that is displayed during authentication of the CA certificate.
    If the CA certificate is obtained through automatic certificate request, the certificate will be rejected if a fingerprint has not been entered.
    By default, no fingerprint is specified.

Step 10. Specify the key pair for certificate request.
  Command:
    Specify an RSA key pair:
      public-key rsa { { encryption name encryption-key-name [ length key-length ] | signature name signature-key-name [ length key-length ] } * | general name key-name [ length key-length ] }
    Specify a DSA key pair:
      public-key dsa name key-name [ length key-length ]
  Remarks: By default, no key pair is specified.
    If the specified key pair does not exist, the PKI entity automatically creates the key pair before submitting a certificate request.
    For information about creating key pairs, see "Managing public keys."

Step 11. (Optional.) Specify the intended use for the certificate.
  Command: usage { ike | ssl-client | ssl-server } *
  Remarks: By default, the certificate can be used by all applications, including IKE, SSL clients, and SSL server.
    The extension options contained in an issued certificate depend on
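
The fingerprint rules in step 9, as an added example that is not part of the HPE manual: it checks a CA certificate file against the value you intend to enter with root-certificate fingerprint. It assumes the fingerprint is the MD5 or SHA-1 digest of the DER-encoded certificate (the usual definition); the function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

HEXLEN_TO_ALG = {32: "md5", 40: "sha1"}  # digest length selects the algorithm

# Constructed stand-in bytes, not a real certificate: only the hashing matters here.
SAMPLE_DER = bytes(range(64))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

def pem_to_der(pem):
    """Return the DER bytes of the first CERTIFICATE block in a PEM string."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def normalize(fp):
    """Drop separators and case so 'AB:CD', 'ab cd' and 'abcd' compare equal."""
    fp = re.sub(r"[\s:-]", "", fp).lower()
    if not re.fullmatch(r"[0-9a-f]+", fp):
        raise ValueError("fingerprint is not hexadecimal")
    return fp

def check_root_fingerprint(pem, configured=None, fips=False, auto_request=False):
    """Mirror the step 9 rules; returns (decision, detail)."""
    der = pem_to_der(pem)
    if not configured:
        if auto_request:  # automatic request: no fingerprint means rejection
            return "reject", "no fingerprint configured in the PKI domain"
        # Import or manual request: an operator must compare the displayed value
        # (showing SHA-1 here is this example's choice, an assumption).
        return "verify-manually", hashlib.sha1(der).hexdigest()
    want = normalize(configured)
    alg = HEXLEN_TO_ALG.get(len(want))
    if alg is None:
        raise ValueError("expected 32 (MD5) or 40 (SHA-1) hex digits")
    if fips and alg != "sha1":  # FIPS mode accepts only sha1
        return "reject", "md5 fingerprints are not accepted in FIPS mode"
    got = hashlib.new(alg, der).hexdigest()
    if hmac.compare_digest(got, want):
        return "accept", alg
    return "reject", "fingerprint mismatch: computed " + got
```

Where the switch offers both algorithms, choose sha1, because MD5 collisions are practical. Take the reference fingerprint from the CA over a channel separate from the one that delivered the certificate.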
