HPE FlexNetwork 10500 Series Security Configuration Manual page 333

Figure 89 Network diagram
Device A
Host A
10.1.1.2/24
Configuring the Windows Server 2003 CA server
See "Requesting a certificate from a Windows Server 2003 CA
Configuring Device A
# Configure a PKI entity.
<DeviceA> system-view
[DeviceA] pki entity en
[DeviceA-pki-entity-en] ip 2.2.2.1
[DeviceA-pki-entity-en] common-name devicea
[DeviceA-pki-entity-en] quit
# Configure a PKI domain.
[DeviceA] pki domain 1
[DeviceA-pki-domain-1] ca identifier CA1
[DeviceA-pki-domain-1] certificate request url http://1.1.1.100/certsrv/mscep/mscep.dll
[DeviceA-pki-domain-1] certificate request entity en
[DeviceA-pki-domain-1] ldap-server host 1.1.1.102
# Configure the device to send certificate requests to ra.
[DeviceA-pki-domain-1] certificate request from ra
# Configure a general-purpose RSA key pair named abc with a length of 1024 bits.
[DeviceA-pki-domain-1] public-key rsa general name abc length 1024
[DeviceA-pki-domain-1] quit
# Generate the RSA key pair.
[DeviceA] public-key local create rsa name abc
The range of public key modulus is (512 ~ 2048).
If the key modulus is greater than 512,it will take a few minutes.
PKI certificate system
CA 1
1.1.1.101/32
LDAP 1
RA 1 1.1.1.102/32
1.1.1.100/32
GE1/0/1
2.2.2.1/24
Internet
Device B
GE1/0/1
3.3.3.1/24
Host B
11.1.1.2/24
316
server."