Certificate Import And Export Configuration Example - HP FlexNetwork 10500 Series Security Configuration Manual

[Device-pki-cert-attribute-group-mygroup2] attribute 1 alt-subject-name fqdn nctn apple
[Device-pki-cert-attribute-group-mygroup2] attribute 2 issuer-name dn ctn aabbcc
[Device-pki-cert-attribute-group-mygroup2] quit
5. Configure a certificate-based access control policy:
# Create a certificate-based access control policy named myacp.
[Device] pki certificate access-control-policy myacp
# Define a statement to deny the certificates that match the attribute rules in certificate attribute group mygroup1.
[Device-pki-cert-acp-myacp] rule 1 deny mygroup1
# Define a statement to permit the certificates that match the attribute rules in certificate attribute group mygroup2.
[Device-pki-cert-acp-myacp] rule 2 permit mygroup2
[Device-pki-cert-acp-myacp] quit
Verifying the configuration
# On the host, access the HTTPS server through a Web browser.
The server first verifies the validity of the host's certificate according to the configured certificate-based access control policy. In the host's certificate, the subject DN is aabbcc, the IP address of the certificate issuer is 1.1.1.1, and the FQDN of the alternative subject name is banaba.
The host's certificate does not match certificate attribute group mygroup1 specified in rule 1 of the certificate-based access control policy. The certificate continues to match against rule 2.
The host's certificate matches certificate attribute group mygroup2 specified in rule 2. Because rule 2 is a permit statement, the certificate passes the verification and the host can access the HTTPS server.

Certificate import and export configuration example

Network requirements
As shown in Figure 83, Device B will replace Device A in the network. PKI domain exportdomain on Device A has two local certificates containing the private key and one CA certificate. To make sure the certificates are still valid after Device B replaces Device A, copy the certificates on Device A to Device B as follows:
1. Export the certificates in PKI domain exportdomain on Device A to .pem certificate files. During the export, encrypt the private key in the local certificates by using 3DES_CBC with the password 11111.
2. Transfer the certificate files from Device A to Device B through the FTP host.
3. Import the certificate files to PKI domain importdomain on Device B.
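A check that can be run on the FTP host against the exported .pem files before the transfer in step 2, added here as an example and not taken from the HP manual: it parses each PEM block and reports whether every private-key block is encrypted and with which cipher. It assumes the device writes standard PEM (traditional `Proc-Type`/`DEK-Info` headers or a PKCS#8 `ENCRYPTED PRIVATE KEY` block); the function names and sample files are constructed for illustration.

```python
import re

# One PEM block: BEGIN label, optional RFC 1421 headers plus base64 body, matching END.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def classify_block(label, body):
    """Return how one PEM block protects its contents."""
    if not label.endswith("PRIVATE KEY"):
        return "not-a-key"
    if label == "ENCRYPTED PRIVATE KEY":
        # PKCS#8: the cipher is recorded inside the DER, not in a text header.
        return "encrypted:pkcs8"
    # Traditional key block: encryption is declared in Proc-Type / DEK-Info headers.
    headers = {}
    for line in body.splitlines():
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip()] = value.strip()
    if headers.get("Proc-Type", "").replace(" ", "") == "4,ENCRYPTED":
        return "encrypted:" + headers.get("DEK-Info", "unknown").split(",")[0]
    return "PLAINTEXT"

def audit_pem(text):
    """List (label, status) for every PEM block; text between blocks is ignored."""
    return [(label, classify_block(label, body)) for label, body in PEM_BLOCK.findall(text)]

def plaintext_keys(text):
    """Count private-key blocks that would cross the FTP link unencrypted."""
    return sum(1 for _, status in audit_pem(text) if status == "PLAINTEXT")

# Constructed samples: the base64 bodies are dummy data, not real certificates or keys.
ENCRYPTED_EXPORT = """\
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""
UNENCRYPTED_EXPORT = """\
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for name, sample in (("encrypted", ENCRYPTED_EXPORT), ("unencrypted", UNENCRYPTED_EXPORT)):
        print(name, audit_pem(sample), "plaintext keys:", plaintext_keys(sample))
```

A traditional key block exported with 3DES_CBC is reported as `encrypted:DES-EDE3-CBC`; a CA certificate file contains no key block and yields a plaintext-key count of 0.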