Aborting A Certificate Request; Obtaining Certificates; Configuration Prerequisites - HP FlexFabric 5700 Series Security Configuration Manual

| Step | Command | Remarks |
| --- | --- | --- |
| 4. Return to system view. | quit | N/A |
| 5. Obtain the CA certificate. | See "Obtaining certificates." | N/A |
| 6. Submit a certificate request or generate a certificate request in PKCS#10 format. | pki request-certificate domain domain-name [ password password ] [ pkcs10 [ filename filename ] ] | This command is not saved in the configuration file. This command triggers the PKI entity to automatically generate a key pair if the key pair specified in the PKI domain does not exist. The name, algorithm, and length of the key pair are configured in the PKI domain. |

Aborting a certificate request

Before the CA issues a certificate, you can abort a certificate request and change its parameters, such as
the common name, country code, or FQDN. You can use the display pki certificate request-status
command to display the status of a certificate request.
Alternatively, you can also remove a PKI domain to abort the associated certificate request.
To abort a certificate request:

| Step | Command | Remarks |
| --- | --- | --- |
| 1. Enter system view. | system-view | N/A |
| 2. Abort a certificate request. | pki abort-certificate-request domain domain-name | This command is not saved in the configuration file. |

Obtaining certificates

You can obtain the CA certificate, local certificates, and peer certificates related to a PKI domain from
a CA and save them locally for higher lookup efficiency. To do so, use either the offline mode or the
online mode:
In offline mode, obtain the certificates by an out-of-band means like FTP, disk, or email, and then
import them locally. Use this mode when the CRL repository is not specified, the CA server does not
support SCEP, or the CA server generates the key pair for the certificates.
In online mode, you can obtain the CA certificate through SCEP and obtain local certificates or
peer certificates through LDAP.

Configuration prerequisites

To obtain local or peer certificates in online mode, specify the LDAP server for the PKI domain.
To import local or peer certificates in offline mode, perform the following tasks:
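
Added example, not part of the HP manual: a workstation-side check for the PKCS#10 request step and the abort procedure described earlier on this page. It assumes OpenSSL is installed and the request file is PEM-encoded; the function names, file names and subject values are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a PKCS#10 request before the CA acts on it.
# Assumes OpenSSL on an admin workstation and a PEM-encoded request file.
# Function names, file names and subject values are constructed.

# Build a sample request so the script runs offline; it stands in for a
# request file saved from the device.
make_sample_csr() {    # $1 = output file, $2 = common name, $3 = country code
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" \
        -subj "/C=$3/CN=$2" -out "$1" 2>/dev/null
}

# Return 0 if the request is well formed, its self-signature verifies and the
# subject holds the expected values; 1 on a subject mismatch; 2 otherwise.
# Subject values that themselves contain commas are not handled.
check_csr() {          # $1 = request file, $2 = expected CN, $3 = expected C
    out=$(openssl req -in "$1" -noout -verify 2>&1) || return 2
    printf '%s\n' "$out" | grep -q 'verify OK' || return 2
    fields=$(openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//' | tr ',' '\n')   # one RDN per line
    printf '%s\n' "$fields" | grep -qxF "CN=$2" || return 1
    printf '%s\n' "$fields" | grep -qxF "C=$3" || return 1
    return 0
}

# Demo: the request was generated with country code US, but DE was intended.
tmp=$(mktemp -d)
make_sample_csr "$tmp/req.pem" sw1.example.test US
if check_csr "$tmp/req.pem" sw1.example.test DE; then
    echo "subject matches: leave the request pending"
else
    echo "subject mismatch: abort the request, fix the parameters, resubmit"
fi
rm -rf "$tmp"
```

A return value of 1 is the situation in which aborting the pending request and resubmitting it with corrected parameters applies.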
