Certificate Domain - HP MSR Series Command Reference Manual
Hide thumbs
Also See for MSR Series:
- Configuration manual (889 pages) ,
- Command reference manual (625 pages) ,
- Wan access configuration manual (293 pages)
Table of Contents
Advertisement
Use undo authentication-method to restore the default.
Syntax
authentication-method { dsa-signature | pre-share | rsa-signature }
undo authentication-method
Default
The IKE proposal uses the pre-shared key as the authentication method.
Views
IKE proposal view
Predefined user roles
network-admin
Parameters
dsa-signature: Specifies the DSA signatures as the authentication method.
pre-share: Specifies the pre-shared key as the authentication method.
rsa-signature: Specifies the RSA signatures as the authentication method.
Usage guidelines
Pre-shared key authentication does not require certificates as signature authentication, and it is usually
used in a simple network. Signature authentication provides higher security, and it is usually deployed in
a large-scale network, such as a network with many branches.
Authentication methods configured on both IKE ends must match.
If you specify RSA or DSA signatures, you must configure the IKE peer to obtain certificates from a CA.
If you specify pre-shared keys, you must configure these pre-shared keys on both IKE ends.
Examples
# Specify pre-shared key authentication to be used in IKE proposal 1.
<Sysname> system-view
[Sysname] ike proposal 1
[Sysname-ike-proposal-1] authentication-method pre-share
Related commands
display ike proposal
•
ike keychain
•
•
pre-shared-key
certificate domain
Use certificate domain to specify a PKI domain for IKE signatures.
Use undo certificate domain to remove the specified PKI domain configuration.
Syntax
certificate domain domain-name
undo certificate domain domain-name
352
Advertisement
Table of Contents
