Configuring a PKI Domain - HPE FlexNetwork 7500 Series Security Configuration Manual

| Step | Command | Remarks |
|---|---|---|
| 2. Create a PKI entity and enter its view. | pki entity entity-name | By default, no PKI entities exist. To create multiple PKI entities, repeat this step. |
| 3. Set a common name for the entity. | common-name common-name-string | By default, the common name is not set. |
| 4. Set the country code of the entity. | country country-code-string | By default, the country code is not set. |
| 5. Set the locality of the entity. | locality locality-name | By default, the locality is not set. |
| 6. Set the organization of the entity. | organization org-name | By default, the organization is not set. |
| 7. Set the unit of the entity in the organization. | organization-unit org-unit-name | By default, the unit is not set. |
| 8. Set the state where the entity resides. | state state-name | By default, the state is not set. |
| 9. Set the FQDN of the entity. | fqdn fqdn-name-string | By default, the FQDN is not set. |
| 10. Configure the IP address of the entity. | ip { ip-address \| interface interface-type interface-number } | By default, the IP address is not configured. |

Configuring a PKI domain

A PKI domain contains enrollment information for a PKI entity. It is locally significant and is intended only for reference by other applications like SSL.

Before enrolling with a CA, a PKI entity must authenticate the CA by obtaining the self-signed certificate of the CA and verifying the fingerprint of the root CA certificate.

You can preconfigure the fingerprint for root CA certificate verification in a PKI domain.

If the CA certificate is imported or obtained through manual certificate request, the device automatically compares the configured fingerprint with the fingerprint in the CA certificate. If the two fingerprints do not match, the device rejects the CA certificate, and the certificate import or request fails. If no fingerprint is configured in the PKI domain, the device displays the fingerprint contained in the CA certificate on the terminal and asks you to manually verify the fingerprint.

If the CA certificate is obtained through automatic certificate request, the device automatically verifies the CA certificate's fingerprint by using the fingerprint configured in the PKI domain. If no fingerprint is configured in the domain, the device rejects the certificate.

To configure a PKI domain:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Create a PKI domain and enter its view. | pki domain domain-name | By default, no PKI domains exist. |
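
The root CA fingerprint rules described above, modelled as an added Python example (not HPE's code and not taken from the manual): it computes a certificate fingerprint from PEM text, as you would before preconfiguring it in the domain, and returns the outcome the text gives for each request mode. The function names, the SHA-256 default and the sample bytes are assumptions; use the hash algorithm your device's fingerprint setting expects.

```python
import base64
import hashlib

def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armor lines and decode the base64 body to DER bytes."""
    lines = (ln.strip() for ln in pem.strip().splitlines())
    body = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    return base64.b64decode(body, validate=True)

def fingerprint(der: bytes, algorithm: str = "sha256") -> str:
    """Hash of the complete DER-encoded certificate, as lowercase hex."""
    return hashlib.new(algorithm, der).hexdigest()

def normalize(fp: str) -> str:
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex."""
    return fp.replace(":", "").replace(" ", "").lower()

def check_ca_certificate(der, configured_fp, mode, algorithm="sha256"):
    """Model of the verification rules in the text above.

    mode 'manual' = certificate import or manual certificate request
    mode 'auto'   = automatic certificate request
    Returns 'accept', 'reject' or 'prompt' (operator verifies by eye).
    """
    if mode not in ("manual", "auto"):
        raise ValueError("mode must be 'manual' or 'auto'")
    if configured_fp is None:
        # No fingerprint in the domain: the manual paths display the
        # fingerprint and ask; the automatic path rejects.
        return "prompt" if mode == "manual" else "reject"
    if fingerprint(der, algorithm) == normalize(configured_fp):
        return "accept"
    return "reject"  # mismatch: the import or request fails

# Constructed stand-in bytes, not a real certificate: the fingerprint is a
# hash over whatever DER bytes are presented, so the flow is the same.
SAMPLE_DER = b"constructed placeholder bytes standing in for a CA certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    der = pem_to_der(SAMPLE_PEM)
    trusted = fingerprint(der)  # value obtained out of band from the CA
    for mode in ("manual", "auto"):
        for fp in (trusted, "00" * 32, None):
            print(mode, "configured" if fp else "none",
                  check_ca_certificate(der, fp, mode))
```

The `auto` rows show why a domain used for automatic certificate request needs the fingerprint preconfigured: without it the CA certificate is never accepted.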
