HP VSR1000 Security Configuration Manual page 148

Virtual services router

Step 3. Specify the trusted CA.
  Command:
    ca identifier name
  Remarks:
    By default, no trusted CA is specified.
    To obtain a CA certificate, the trusted CA name must be provided. The trusted CA name is in SCEP messages, and the CA server does not use this name unless the server has two CAs configured with the same registration server.

Step 4. Specify the entity for certificate request.
  Command:
    certificate request entity entity-name
  Remarks:
    By default, no entity is specified.

Step 5. Specify the authority for accepting certificate requests.
  Command:
    certificate request from { ca | ra }
  Remarks:
    By default, no authority is specified.

Step 6. Specify the URL of the registration server for certificate request.
  Command:
    certificate request url url-string [ vpn-instance vpn-instance-name ]
  Remarks:
    By default, the URL of the registration server is not specified.
    Do not configure this command when you request a certificate in offline mode.

Step 7. (Optional.) Set the polling interval and maximum number of attempts for querying the certificate request status.
  Command:
    certificate request polling { count count | interval minutes }
  Remarks:
    By default, the polling interval is 20 minutes, and the maximum number of attempts is 50.

Step 8. Specify the LDAP server.
  Command:
    ldap-server host hostname [ port port-number ]
  Remarks:
    Required when the LDAP server acts as the CRL repository, or the URL of the CRL repository does not contain the host name.
    By default, no LDAP server is specified.

Step 9. Specify the fingerprint for root certificate verification.
  Command:
    In non-FIPS mode:
      root-certificate fingerprint { md5 | sha1 } string
    In FIPS mode:
      root-certificate fingerprint sha1 string
  Remarks:
    Optional if you manually request local certificates.
    If you want to verify the fingerprint manually, do not configure this command.
    By default, no fingerprint is specified.

Step 10. Specify the key pair for certificate request.
  Command:
    Specify an RSA key pair:
      public-key rsa { { encryption name encryption-key-name [ length key-length ] | signature name signature-key-name [ length key-length ] } * | general name key-name [ length key-length ] }
    Specify a DSA key pair:
      public-key dsa name key-name [ length key-length ]
  Remarks:
    Use either command.
    By default, no key pair is specified.
    You can specify a non-existing key pair, which is generated during the certificate application.
    For information about how to generate DSA and RSA key pairs, see "Managing public keys."
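
Added example (not from the HP manual): a Python helper that derives the value for the step 9 root-certificate fingerprint command from a CA certificate file and compares it with a fingerprint obtained out of band from the CA. It assumes the fingerprint is the MD5 or SHA-1 digest of the DER-encoded certificate written as hex; the sample PEM and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# Constructed sample: NOT a real certificate, only bytes in a PEM wrapper so
# the example runs offline. Load your CA's certificate file in practice.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(b"constructed-root-ca-der-bytes" * 4).decode()
    + "-----END CERTIFICATE-----\n"
)

def pem_to_der(pem: str) -> bytes:
    """Extract the DER bytes from the first PEM certificate block."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  pem, re.S)
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def fingerprint(der: bytes, alg: str, fips: bool = False) -> str:
    """Hex digest of the DER certificate; FIPS mode allows sha1 only (step 9)."""
    alg = alg.lower()
    allowed = ("sha1",) if fips else ("md5", "sha1")
    if alg not in allowed:
        raise ValueError(f"{alg} not allowed (fips={fips}); use one of {allowed}")
    return hashlib.new(alg, der, usedforsecurity=False).hexdigest()

def normalize(published: str) -> str:
    """Accept 'AB:CD:..' or 'ab cd ..' as published by a CA; return bare hex."""
    hexstr = re.sub(r"[\s:]", "", published).lower()
    if not re.fullmatch(r"[0-9a-f]+", hexstr):
        raise ValueError("fingerprint is not hexadecimal")
    return hexstr

def matches(der: bytes, alg: str, published: str, fips: bool = False) -> bool:
    """Compare the computed fingerprint with the one obtained out of band."""
    return hmac.compare_digest(fingerprint(der, alg, fips), normalize(published))

def config_line(der: bytes, alg: str, fips: bool = False) -> str:
    """Render the step 9 command with the computed fingerprint as 'string'."""
    return f"root-certificate fingerprint {alg.lower()} {fingerprint(der, alg, fips)}"

if __name__ == "__main__":
    print(config_line(pem_to_der(SAMPLE_PEM), "sha1", fips=True))
```

Only put the resulting line on the device after matches() returns True against a fingerprint received through a channel other than the one that delivered the certificate.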
