HPE FlexNetwork 7500 Series Security Configuration Manual page 7

FIPS compliance ············································································································································ 215
Password control configuration task list ········································································································· 215
Enabling password control ····························································································································· 215
Setting global password control parameters ·································································································· 216
Setting user group password control parameters ·························································································· 217
Setting local user password control parameters ···························································································· 218
Setting super password control parameters ·································································································· 218
Displaying and maintaining password control ································································································ 219
Password control configuration example ······································································································· 219
Network requirements ···························································································································· 219
Configuration procedure ························································································································· 220
Verifying the configuration ······················································································································ 221
Managing public keys ················································································· 223
Overview ························································································································································ 223
FIPS compliance ············································································································································ 223
Creating a local key pair ································································································································ 223
Distributing a local host public key ················································································································· 225
Exporting a host public key ···················································································································· 225
Displaying a host public key ··················································································································· 225
Destroying a local key pair ····························································································································· 226
Configuring a peer host public key ················································································································· 226
Importing a peer host public key from a public key file ·········································································· 226
Entering a peer host public key ·············································································································· 227
Displaying and maintaining public keys ········································································································· 227
Examples of public key management ············································································································ 227
Example for entering a peer host public key ·························································································· 227
Example for importing a public key from a public key file ······································································ 229
Configuring SSL ·························································································· 232
Overview ························································································································································ 232
SSL security services ····························································································································· 232
SSL protocol stack ································································································································· 232
FIPS compliance ············································································································································ 233
SSL configuration task list ······························································································································ 233
Configuring an SSL server policy ··················································································································· 233
Configuring an SSL client policy ···················································································································· 235
Displaying and maintaining SSL ···················································································································· 237
SSL server policy configuration example ······································································································· 237
Configuring PKI ··························································································· 240
Overview ························································································································································ 240
PKI terminology ······································································································································ 240
PKI architecture ······································································································································ 241
PKI operation ········································································································································· 241
PKI applications ····································································································································· 242
Support for MPLS L3VPN ······················································································································ 242
FIPS compliance ············································································································································ 243
PKI configuration task list ······························································································································· 243
Configuring a PKI entity ································································································································· 243
Configuring a PKI domain ······························································································································ 244
Requesting a certificate ································································································································· 246
Configuration guidelines ························································································································· 246
Configuring automatic certificate request ······························································································· 247
Manually requesting a certificate ············································································································ 247
Aborting a certificate request ························································································································· 248
Obtaining certificates ····································································································································· 248
Configuration prerequisites ···················································································································· 248
Configuration guidelines ························································································································· 248
Configuration procedure ························································································································· 249
Verifying PKI certificates ································································································································ 249
Verifying certificates with CRL checking ································································································ 249
v