Submitting A Pki Certificate Request; Submitting A Certificate Request In Auto Mode - HP 5120 SI Series Security Configuration Manual

Hide thumbs Also See for 5120 SI Series:
Table of Contents

Advertisement

To do...
Specify the LDAP server
Configure the fingerprint for root
certificate verification
NOTE:
Up to two PKI domains can be created on a device.
The CA name is required only when you retrieve a CA certificate. It is not used when in local certificate
request.
The URL of the server for certificate request does not support domain name resolution.

Submitting a PKI certificate request

When requesting a certificate, an entity introduces itself to the CA by providing its identity information
and public key, which will be the major components of the certificate. A certificate request can be
submitted to a CA in an online mode or an offline mode. In offline mode, a certificate request is
submitted to a CA by an "out-of-band" means such as phone, disk, or email.
Online certificate request falls into manual mode and auto mode.

Submitting a certificate request in auto mode

In auto mode, an entity automatically requests a certificate from the CA server if it has no local certificate
for an application working with PKI.
Follow these steps to configure an entity to submit a certificate request in auto mode:
To do...
Enter system view
Enter PKI domain view
Set the certificate request mode to
auto
NOTE:
If a certificate will expire or has expired, the entity does not initiate a re-request automatically, and the
service using the certificate might be interrupted. To have a new local certificate, request one manually.
Use the command...
ldap-server ip ip-address [ port
port-number ] [ version
version-number ]
root-certificate fingerprint { md5 |
sha1 } string
Use the command...
system-view
pki domain domain-name
certificate request mode auto
[ key-length key-length | password
{ cipher | simple } password ] *
226
Remarks
Optional
No LDP server is specified by
default.
Required when the certificate
request mode is auto and optional
when the certificate request mode
is manual. In the latter case, if you
do not configure this command, the
fingerprint of the root certificate
must be verified manually.
No fingerprint is configured by
default.
Remarks
Required
Manual by default

Advertisement

Table of Contents
loading

Table of Contents