Pki Configuration Examples; Certificate Request From An Rsa Keon Ca Server - HP 5500 HI Series Configuration Manual

Task
Display the contents or request
status of a certificate.
Display CRLs.
Display information about
certificate attribute groups.
Display information about
certificate attribute access control
policies.

PKI configuration examples

Unless otherwise noted, devices in the configuration examples are operating in non-FIPS mode.
When the CA uses Windows Server, the SCEP add-on is required, and you must use the certificate
request from ra command to specify that the entity request a certificate from an RA.
When the CA uses RSA Keon, the SCEP add-on is not required, and you must use the certificate request
from ca command to specify that the entity request a certificate from a CA.

Certificate request from an RSA Keon CA server

Network requirements
The switch submits a local certificate request to the CA server. The switch acquires the CRLs for certificate
verification.
Figure 81 Network diagram
Configuring the CA server
1. Create a CA server named myca:
In this example, you need to configure these basic attributes on the CA server at first:
Nickname—Name of the trusted CA.
Subject DN—DN information of the CA, including the Common Name (CN), Organization
Unit (OU), Organization (O), and Country (C).
Use the default values for the other attributes.
Command
display pki certificate { { ca | local }
domain domain-name |
request-status } [ | { begin |
exclude | include }
regular-expression ]
display pki crl domain
domain-name [ | { begin | exclude
| include } regular-expression ]
display pki certificate
attribute-group { group-name |
all } [ | { begin | exclude |
include } regular-expression ]
display pki certificate
access-control-policy { policy-name
| all } [ | { begin | exclude |
include } regular-expression ]
257
Remarks
Available in any view
Available in any view
Available in any view
Available in any view