HP 3600 v2 Series Security Configuration Guide

HP 3600 v2 Series
398 pages

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Retrieve a certificate manually (online) | pki retrieval-certificate { ca \| local } domain domain-name | Required. Use either command. |
| Retrieve a certificate manually (offline) | pki import-certificate { ca \| local } domain domain-name { der \| p12 \| pem } [ filename filename ] | Required. Use either command. |

CAUTION:
• If a PKI domain already has a CA certificate, you cannot retrieve another CA certificate for it. This restriction helps avoid inconsistency between the certificate and registration information resulting from configuration changes. To retrieve a new CA certificate, first use the pki delete-certificate command to delete the existing CA certificate and the local certificate.
• The pki retrieval-certificate configuration is not saved in the configuration file.
• Make sure that the switch’s system time falls within the validity period of the certificate so that the certificate is valid.

Configuring PKI certificate verification
A certificate must be verified before it is used. Verifying a certificate means checking whether the certificate is signed by the CA and whether it has expired or been revoked.

You can specify whether to perform CRL checking during certificate verification. If you enable CRL checking, CRLs are used in the verification of a certificate, and you must retrieve the CA certificate and the CRLs to the local switch before the certificate is verified. If you disable CRL checking, you only need to retrieve the CA certificate.

Configuring CRL-checking-enabled PKI certificate verification
Follow these steps to configure CRL-checking-enabled PKI certificate verification:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter PKI domain view | pki domain domain-name | — |
| Specify the URL of the CRL distribution point | crl url url-string | Optional. No CRL distribution point URL is specified by default. |
| Set the CRL update period | crl update-period hours | Optional. By default, the CRL update period depends on the next update field in the CRL file. |
| Enable CRL checking | crl check enable | Optional. Enabled by default. |
| Return to system view | quit | — |
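
An added example, not part of the HP guide: a Python audit that reads a saved switch configuration, resolves each PKI domain's effective CRL settings using the defaults from the table above, and lists the domains where CRL checking is off. The sample configuration, its domain names and its URL are constructed; the `crl check disable` line and the section layout are assumptions about how a non-default setting appears in the saved configuration.

```python
import re

# Constructed sample in the style of a saved switch configuration.
# Domain names, CA identifier and URL are made up for illustration.
SAMPLE_CONFIG = """\
#
pki domain branch-vpn
 ca identifier example-ca
 crl url http://crl.example.test/example-ca.crl
 crl update-period 12
#
pki domain lab
 ca identifier example-ca
 crl check disable
#
pki domain default-settings
 ca identifier example-ca
#
"""

def audit_pki_domains(config_text):
    """Return {domain: effective CRL settings}, applying the guide's defaults."""
    domains, current = {}, None
    for line in config_text.splitlines():
        m = re.match(r"pki domain (\S+)\s*$", line)
        if m:
            # Defaults per the table: checking on, no URL, period taken from the CRL.
            current = {"crl_check": True, "crl_url": None, "update_period_hours": None}
            domains[m.group(1)] = current
        elif not line.startswith(" "):
            current = None  # left the domain view ("#" or another section)
        elif current is not None:
            cmd = line.strip()
            if cmd.startswith("crl url "):
                current["crl_url"] = cmd[len("crl url "):]
            elif cmd.startswith("crl update-period "):
                current["update_period_hours"] = int(cmd.split()[-1])
            elif cmd in ("crl check enable", "crl check disable"):  # "disable" form assumed
                current["crl_check"] = cmd.endswith("enable")
    return domains

def domains_without_revocation_check(config_text):
    """Domains whose certificates are verified without consulting any CRL."""
    return sorted(n for n, s in audit_pki_domains(config_text).items() if not s["crl_check"])

if __name__ == "__main__":
    for name, settings in audit_pki_domains(SAMPLE_CONFIG).items():
        print(name, settings)
    print("CRL checking disabled:", domains_without_revocation_check(SAMPLE_CONFIG))
```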
