Configuring the HABP server ····························································································································· 232
Configuring an HABP client ······························································································································· 232
Displaying and maintaining HABP ····························································································································· 233
HABP configuration example ······································································································································ 233
Managing public keys ············································································································································ 236
Overview ······································································································································································· 236
FIPS compliance ··························································································································································· 236
Configuration task list ·················································································································································· 237
Configuring PKI ······················································································································································· 246
Overview ······································································································································································· 246
PKI terms ······························································································································································· 246
PKI architecture ···················································································································································· 247
PKI operation ······················································································································································· 247
PKI applications ··················································································································································· 248
PKI configuration task list ············································································································································ 248
Configuring an entity DN ············································································································································ 249
Configuring a PKI domain ··········································································································································· 250
Configuration guidelines ···································································································································· 251
Configuration procedure ···································································································································· 251
Retrieving a certificate manually ································································································································ 253
Configuration guidelines ···································································································································· 253
Configuration procedure ···································································································································· 254
Configuration guidelines ···································································································································· 254
Destroying a local RSA key pair ································································································································ 255
Deleting a certificate ···················································································································································· 256
Displaying and maintaining PKI ································································································································· 256
PKI configuration examples ········································································································································· 257
Troubleshooting PKI ····················································································································································· 265
Failed to retrieve CRLs ········································································································································ 266
Configuring IPsec ···················································································································································· 267
Overview ······································································································································································· 267
Basic concepts ····················································································································································· 267
vi