Aborting A Certificate Request; Obtaining Certificates; Configuration Prerequisites - HP FlexNetwork 10500 Series Security Configuration Manual

| Step | Command | Remarks |
|---|---|---|
| 5. Obtain a CA certificate. | See "Obtaining certificates." | N/A |
| 6. Submit a certificate request or generate a certificate request in PKCS#10 format. | pki request-certificate domain domain-name [ password password ] [ pkcs10 [ filename filename ] ] | This command is not saved in the configuration file. This command triggers the PKI entity to automatically generate a key pair if the key pair specified in the PKI domain does not exist. The name, algorithm, and length of the key pair are configured in the PKI domain. |

Aborting a certificate request

Before the CA issues a certificate, you can abort a certificate request and change its parameters, such as the common name, country code, or FQDN. You can use the display pki certificate request-status command to display the status of a certificate request.
Alternatively, you can also remove a PKI domain to abort the associated certificate request.
To abort a certificate request:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Abort a certificate request. | pki abort-certificate-request domain domain-name | This command is not saved in the configuration file. |

Obtaining certificates

You can obtain the CA certificate, local certificates, and peer certificates related to a PKI domain from a CA and save them locally for higher lookup efficiency. To do so, use either the offline mode or the online mode:
• In offline mode, obtain the certificates by an out-of-band means such as FTP, disk, or email, and then import them locally. Use this mode when the CRL repository is not specified, the CA server does not support SCEP, or the CA server generates the key pair for the certificates.
• In online mode, you can obtain the CA certificate through SCEP and obtain local certificates or peer certificates through LDAP.

Configuration prerequisites

To obtain local or peer certificates in online mode, specify the LDAP server for the PKI domain.
To import local or peer certificates in offline mode, perform the following tasks:
• Use FTP or TFTP to upload the certificate files to the storage media of the device. If FTP or TFTP is not available, display and copy the contents of a certificate to a file on the device. Make sure the certificate is in PEM format because only certificates in PEM format can be imported.
• To import a certificate, a CA certificate chain must exist in the PKI domain, or be contained in the certificate. If the CA certificate chain is not available, obtain it before importing the certificate.
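A pre-upload check for the offline import prerequisites above (PEM only, CA chain in the PKI domain or in the file), as an added example that is not part of the HP manual. It runs on an administrator workstation, rejects binary DER and copy-paste-damaged PEM, and reports whether the file holds one certificate or several. The function names and verdict strings are assumptions made for this example, the sample data is constructed filler rather than a real certificate, and the check covers encoding only, not signatures or chain linkage.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def der_sequence_ok(der):
    """True if `der` is exactly one DER SEQUENCE whose length field matches."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                        # short-form length
        header, length = 2, der[1]
    else:                                    # long form: low 7 bits = count of length bytes
        n = der[1] & 0x7F
        if not 1 <= n <= 4 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)

def check_import_file(data):
    """Return (verdict, certificate_count) for a file destined for offline import."""
    if b"-----BEGIN" not in data:
        return ("der-not-pem" if data[:1] == b"\x30" else "not-a-certificate", 0)
    blocks = PEM_RE.findall(data.decode("ascii", "replace"))
    if not blocks:                           # e.g. a PKCS#10 request, not a certificate
        return ("no-certificate-block", 0)
    for body in blocks:
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:                   # binascii.Error subclasses ValueError
            return ("corrupt-base64", len(blocks))
        if not der_sequence_ok(der):         # typical result of a lost line when pasting
            return ("truncated-or-damaged", len(blocks))
    # A single block means the CA chain must already exist in the PKI domain.
    return ("pem-bundle" if len(blocks) > 1 else "pem-single", len(blocks))

def sample_pem(payload_len):
    """Constructed stand-in: a DER SEQUENCE of zero bytes, not a real certificate."""
    length = bytes([payload_len]) if payload_len < 0x80 else b"\x82" + payload_len.to_bytes(2, "big")
    b64 = base64.b64encode(b"\x30" + length + bytes(payload_len)).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n").encode()

if __name__ == "__main__":
    bundle = sample_pem(300) + sample_pem(90)
    for name, data in [("single", sample_pem(300)), ("bundle", bundle), ("raw DER", b"\x30\x03\x02\x01\x01")]:
        print(name, check_import_file(data))
```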
