Using Digital Certificates (Optional) - HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual

Virtual Private Networks
Configuring a VPN Using IPSec
8-54
Setting the Username, Password, and Passphrase for One-time
Password (OTP) Authentication. OTP provides increased security by
using a passphrase to generate a series of passwords, each of which is used
only once. This prevents hackers from intercepting and hijacking an autho-
rized VPN user's authentication information.
Complete these steps to configure OTP authentication:
1. Change the authentication type to OTP.
Syntax: client authentication host xauth-type otp
2. Specify the username, password, and passphrase:
Syntax: client authentication host username <username> password <pass-
word> passphrase <passphrase>
For example:
ProCurve(config-crypto-ike)# client authentication host xauth-type otp
ProCurve(config-crypto-ike)# client authentication host username VPNPeer
password MyPassword passphrase MyPassphrase

Using Digital Certificates (Optional)

This section explains how to obtain certificates for the ProCurve Secure
Router. You should refer to this section only if you selected a digital signature
standard for the authentication method of at least one IKE attribute policy.
Overview
As discussed in the chapter overview, digital certificates rely on asymmetric
keys. Each host is issued two keys by its CA: a public key and a private key.
The public key decrypts data encrypted by its private key.
A host authenticates itself with a certificate, to which it appends its digital
signature. It creates the digital signature by hashing the certificate and then
encrypting the hash with its private key. The certificate itself consists of:
the host's identification information
the host's public key
the function used to hash the certificate
the CA's digital signature