Aborting A Certificate Request - HP VSR1000 Security Configuration Manual
Virtual services router
Hide thumbs
Also See for VSR1000:
- Configuration manual (463 pages) ,
- High availability configuration manual (91 pages) ,
- Layer 2 - wan access command reference (50 pages)
Table of Contents
Advertisement
Configuration guidelines
A PKI domain can have local certificates using only one type of cryptographic algorithms (DSA or
•
RSA). If DSA is used, a PKI domain can have only one local certificate. If RSA is used, a PKI domain
can have one local certificate for signature, and one for encryption.
•
If a local certificate exists, do not request a certificate that conflicts with the existing one in online
mode, or use the public-key local create or public-key local destroy command to generate or
destroy a key pair with the same name as the key pair in the existing local certificate. Otherwise,
the existing local certificate becomes unavailable. To request a new local certificate, use the pki
delete-certificate command to remove the existing local certificate and then use the public-key local
create or public-key local destroy command to generate a new key pair or destroy the key pair
associated with the original local certificate.
Configuration procedure
To manually request a certificate:
Step
1.
Enter system view.
2.
Enter PKI domain view.
3.
Set the certificate request
mode to manual.
4.
Return to system view.
5.
Obtain the CA
certificate.
6.
Submit a certificate
request or generate a
certificate request in
PKCS#10 format.
Aborting a certificate request
Before the CA issues a certificate, you can abort a certificate request to change some parameters, such
as the common name, country code, and FQDN, in the certificate request. You can use display pki
certificate request-status to display the certificate request status.
Alternatively, you can also remove the PKI domain to abort the certificate request.
To abort a certificate request:
Step
1.
Enter system view.
2.
Abort a certificate request.
Command
system-view
pki domain domain-name
certificate request mode manual
quit
See
"Obtaining
certificates."
pki request-certificate domain
domain-name [ password
password ] [ pkcs10 [ filename
filename ] ]
Command
system-view
pki abort-certificate-request
domain domain-name
141
Remarks
N/A
N/A
By default, the manual request mode
applies.
N/A
N/A
This command is not saved in the
configuration file.
Executing the command triggers the
PKI entity to automatically generate a
key pair according to the key name,
algorithm and length defined in the PKI
domain if the key pair specified in the
PKI domain does not exist.
Remarks
N/A
This command is not saved in the
configuration file.
- Quick Links:
- Configuring the Device as an Ssh...
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
