Certificate Access Control Policy Configuration - HP 6600 Security Configuration Manual

[RouterB-pki-domain-1] ldap-server ip 1.1.1.102
# Set the registration authority to RA.
[RouterB-pki-domain-1] certificate request from ra
# Configure the CRL distribution URL. This is not necessary if CRL checking is disabled.
[RouterB-pki-domain-1] crl url ldap://1.1.1.102
[RouterB-pki-domain-1] quit
# Create a local key pair using RSA.
[RouterB] public-key local create rsa
# Request a certificate.
[RouterB] pki retrieval-certificate ca domain 1
[RouterB] pki retrieval-crl domain 1
[RouterB] pki request-certificate domain 1
# Configure IKE proposal 1, using RSA signature for identity authentication.
[RouterB] ike proposal 1
[RouterB-ike-proposal-1] authentication-method rsa-signature
[RouterB-ike-proposal-1] quit
# Specify the PKI domain for the IKE peer.
[RouterB] ike peer peer
[RouterB-ike-peer-peer] certificate domain 1
NOTE:
This procedure covers only the configuration for IKE negotiation using RSA digital
signatures. To establish an IPsec tunnel, you must also configure IPsec. For more
information about IPsec configuration, see "Configuring IPsec."

Certificate access control policy configuration

Network requirements
The client accesses the remote Hypertext Transfer Protocol Secure (HTTPS) server over HTTPS.
Configure SSL so that only legitimate clients can log in to the HTTPS server. Create a certificate
attribute-based access control policy to control access to the HTTPS server.
Figure 90 Network diagram

This manual is also suitable for:

Hsr6600
