Configuring Automatic Certificate Request; Manually Requesting A Certificate - HPE FlexNetwork 7500 Series Security Configuration Manual
Hide thumbs
Also See for FlexNetwork 7500 Series:
- Security configuration manual (506 pages) ,
- Command reference manual (474 pages) ,
- Network management and monitoring command reference (430 pages)
Table of Contents
Advertisement
Do not use the public-key local create command to create a key pair with the same name
as the name of the key pair contained in the certificate.
Do not use the public-key local destroy command to destroy the key pair contained in the
certificate.
•
A PKI domain can have local certificates using only one type of cryptographic algorithms (DSA,
ECDSA, or RSA). If DSA or ECDSA is used, a PKI domain can have only one local certificate. If
RSA is used, a PKI domain can have one local certificate for signature, and one local certificate
for encryption.
Configuring automatic certificate request
IMPORTANT:
The device does not support automatic certificate rollover. To avoid service interruptions, you must
manually submit a certificate renewal request before the current certificate expires.
In auto request mode, a PKI entity with no local certificates automatically submits a certificate
request to the CA when an application works with the PKI entity, the entity automatically submits a
certificate request. It saves the certificate locally after obtaining the certificate from the CA.
A CA certificate must be present before you request a local certificate. If no CA certificate exists in the
PKI domain, the PKI entity automatically obtains a CA certificate before sending a certificate request.
To configure automatic certificate request:
Step
1.
Enter system view.
2.
Enter PKI domain view.
3.
Set the certificate request
mode to auto.
Manually requesting a certificate
Before you manually submit a certificate request, make sure the CA certificate exists and a key pair
is specified for the PKI domain.
•
The CA certificate is used to verify the authenticity and validity of the obtained local certificate.
•
The key pair is used for certificate request. Upon receiving the public key and the identity
information, the CA signs and issues a certificate.
After the CA issues the certificate, the device obtains and saves it locally.
To manually request a certificate:
Step
1.
Enter system view.
2.
Enter PKI domain view.
3.
Set the certificate
request mode to
manual.
Command
system-view
pki domain domain-name
certificate request mode auto
[ password { cipher | simple } string ]
Command
system-view
pki domain domain-name
certificate request mode manual
279
Remarks
N/A
N/A
By default, the manual
request mode applies.
In auto request mode, set
a password for certificate
revocation as required by
the CA policy.
Remarks
N/A
N/A
By default, the manual request
mode applies.
Advertisement
Table of Contents
Troubleshooting
