Retrieving A Certificate Manually - HP 3600 v2 Series Security Configuration Manual


| To do... | Use the command... | Remarks |
|---|---|---|
| Retrieve a CA certificate manually | See "Retrieving a certificate manually" | Required |
| Generate a local RSA key pair | public-key local create rsa | Required. No local RSA key pair exists by default. |
| Submit a local certificate request manually | pki request-certificate domain domain-name [ password ] [ pkcs10 [ filename filename ] ] | Required |

NOTE:
• If a PKI domain already has a local certificate, creating an RSA key pair will result in inconsistency between the key pair and the certificate. To generate a new RSA key pair, delete the local certificate and then issue the public-key local create command. For more information about the public-key local create command, see Security Command Reference.
• A newly created key pair will overwrite the existing one. If you perform the public-key local create command in the presence of a local RSA key pair, the system will ask you whether you want to overwrite the existing one.
• If a PKI domain already has a local certificate, you cannot request another certificate for it. This helps avoid inconsistency between the certificate and the registration information resulting from configuration changes. Before requesting a new certificate, use the pki delete-certificate command to delete the existing local certificate and the CA certificate stored locally.
• When it is impossible to request a certificate from the CA through SCEP, you can print the request information or save the request information to a local file, and then send the printed information or saved file to the CA by an out-of-band means. To print the request information, use the pki request-certificate domain command with the pkcs10 keyword. To save the request information to a local file, use the pki request-certificate domain command with the pkcs10 filename filename option.
• Make sure the clocks of the entity and the CA are synchronous. Otherwise, the validity period of the certificate will be abnormal.
• The pki request-certificate domain configuration will not be saved in the configuration file.

Retrieving a certificate manually

You can download CA certificates, local certificates, or peer entity certificates from the CA server and save them locally. To do so, use either the offline mode or the online mode. In offline mode, you must retrieve a certificate by an out-of-band means like FTP, disk, or email, and then import it into the local PKI system.

Certificate retrieval serves the following purposes:
• Locally store the certificates associated with the local security domain for improved query efficiency and reduced query count
• Prepare for certificate verification

Before retrieving a local certificate in online mode, be sure to complete the LDAP server configuration.

Follow these steps to retrieve a certificate manually:
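The consistency rules in the NOTE above (a local certificate must belong to the current RSA key pair, and a PKCS#10 file handed over out of band is what the CA signs) can be checked off-device before a certificate is imported. The following is an added example, not taken from the HP manual: it uses OpenSSL on an admin workstation to verify a request's self-signature and to show that a certificate stops matching once the key pair is re-created. The file names, subjects and throw-away demo CA are constructed, and the OpenSSL commands only stand in for the device's public-key local create rsa and pki request-certificate domain ... pkcs10 filename steps.

```bash
#!/bin/sh
# Added example (not from the HP manual): workstation-side PKI sanity checks.
# File names, subjects and the throw-away demo CA are constructed.
set -eu

# SHA-256 over the DER public key, so keys taken from different objects compare.
pub_id()      { openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1; }
key_id()      { openssl pkey -in "$1" -pubout | pub_id; }
csr_key_id()  { openssl req  -in "$1" -noout -pubkey | pub_id; }
cert_key_id() { openssl x509 -in "$1" -noout -pubkey | pub_id; }

# The PKCS#10 self-signature proves the requester holds the private key.
csr_signature_ok() { openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'; }

# A certificate is only usable with the key pair it was requested for.
cert_matches_key() { [ "$(cert_key_id "$1")" = "$(key_id "$2")" ]; }
cert_matches_csr() { [ "$(cert_key_id "$1")" = "$(csr_key_id "$2")" ]; }

# Build constructed demo material in directory $1.
make_demo() {
  ( cd "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
      -subj "/CN=Demo CA" -days 1 2>/dev/null
    # Stand-in for the device key pair and its saved PKCS#10 request.
    openssl genrsa -out dev.key 2048 2>/dev/null
    openssl req -new -key dev.key -subj "/CN=switch1" -out dev.p10
    # Demo CA issues the local certificate from the request file.
    openssl x509 -req -in dev.p10 -CA ca.crt -CAkey ca.key -CAcreateserial \
      -out dev.crt -days 1 2>/dev/null
    # Key pair re-created after issuance: the case the NOTE warns about.
    openssl genrsa -out regen.key 2048 2>/dev/null )
}

DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
make_demo "$DEMO_DIR"
csr_signature_ok "$DEMO_DIR/dev.p10" && echo "request self-signature: OK"
cert_matches_csr "$DEMO_DIR/dev.crt" "$DEMO_DIR/dev.p10" && echo "certificate matches request"
cert_matches_key "$DEMO_DIR/dev.crt" "$DEMO_DIR/dev.key" && echo "certificate matches original key pair"
cert_matches_key "$DEMO_DIR/dev.crt" "$DEMO_DIR/regen.key" || echo "certificate does NOT match re-created key pair"
```

Comparing the request's key fingerprint with the one read from the device over a trusted channel is what ties an out-of-band file to the intended switch.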


This manual is also suitable for:

A3100-48 v2
