Syntax
In non-FIPS mode:
root-certificate fingerprint { md5 | sha1 } string
undo root-certificate fingerprint
In FIPS mode:
root-certificate fingerprint sha1 string
undo root-certificate fingerprint
Default
No fingerprint is set.
Views
PKI domain view
Predefined user roles
network-admin
Parameters
md5: Sets an MD5 fingerprint.
sha1: Sets a SHA1 fingerprint.
string: Sets the fingerprint in hexadecimal notation. If you specify the md5 keyword, the fingerprint is a string of 32 characters. If you specify the sha1 keyword, the fingerprint is a string of 40 characters.
Usage guidelines
If you set the certificate request mode to auto but the PKI domain has no CA certificate, you must use this command to set the fingerprint that the device uses to verify the validity of the CA root certificate.
When an application such as IKE triggers the device to request local certificates, the device automatically obtains the CA certificate from the CA server.
If the obtained CA certificate contains a CA root certificate that is not stored locally, the device verifies that root certificate against the configured fingerprint. If the PKI domain has no fingerprint configured, the local certificate request fails.
When you import the CA certificate with the pki import command or obtain it with the pki retrieve command, setting a fingerprint for the CA root certificate is optional. If a fingerprint is configured in the PKI domain and the CA certificate being imported or obtained contains a CA root certificate that is not stored locally, the device checks the root certificate against the configured fingerprint and asks you to confirm it. If the configured fingerprint is wrong, the CA certificate cannot be imported or obtained.
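The fingerprint configured here must be obtained out of band from the CA operator and compared with the hash of the root certificate the device will receive. The following script is an added example, not part of this command reference or of the device software; it computes the MD5 and SHA1 fingerprints of a certificate, normalizes a fingerprint string to the 32- or 40-character hexadecimal form the command expects, and compares the two in constant time. It assumes, as with `openssl x509 -fingerprint`, that the fingerprint is the hash of the certificate's DER encoding rather than of the PEM text; the PEM block embedded below is a constructed stand-in whose body decodes to the bytes `abc`, not a real certificate.

```python
import base64
import hashlib
import hmac
import re

# Fingerprint lengths the command accepts, from the Parameters section:
# 32 hex characters for md5, 40 for sha1.
FINGERPRINT_HEX_LEN = {"md5": 32, "sha1": 40}


def pem_to_der(pem_text: str) -> bytes:
    """Decode a PEM-encoded certificate to its DER bytes.

    Fingerprints are conventionally computed over the DER encoding (what
    `openssl x509 -fingerprint` hashes), never over the PEM text itself.
    """
    match = re.search(
        r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----",
        pem_text, re.S)
    if not match:
        raise ValueError("no CERTIFICATE block found in PEM input")
    return base64.b64decode("".join(match.group(1).split()))


def certificate_fingerprint(der: bytes, algorithm: str) -> str:
    """Return the upper-case hex fingerprint of a DER-encoded certificate."""
    if algorithm not in FINGERPRINT_HEX_LEN:
        raise ValueError("algorithm must be md5 or sha1")
    return hashlib.new(algorithm, der).hexdigest().upper()


def normalize_fingerprint(value: str, algorithm: str) -> str:
    """Strip colons/spaces and enforce the length the command expects."""
    cleaned = re.sub(r"[\s:]", "", value).upper()
    expected = FINGERPRINT_HEX_LEN[algorithm]
    if len(cleaned) != expected or not re.fullmatch(r"[0-9A-F]+", cleaned):
        raise ValueError(
            f"{algorithm} fingerprint must be {expected} hexadecimal characters")
    return cleaned


def fingerprint_matches(der: bytes, algorithm: str, configured: str) -> bool:
    """True when the certificate's fingerprint equals the configured string.

    The comparison is constant-time so a mismatch leaks nothing about
    how many leading characters agreed.
    """
    expected = normalize_fingerprint(configured, algorithm)
    actual = certificate_fingerprint(der, algorithm)
    return hmac.compare_digest(actual, expected)


def fingerprint_command(der: bytes, algorithm: str) -> str:
    """Render the PKI domain view command line for this certificate."""
    digest = certificate_fingerprint(der, algorithm)
    return f"root-certificate fingerprint {algorithm} {digest}"


# Constructed stand-in for a CA certificate: the base64 body decodes to b"abc".
# With a real CA .crt/.pem file the body is the DER-encoded X.509 certificate.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
"""

if __name__ == "__main__":
    der = pem_to_der(SAMPLE_PEM)
    # sha1 is the only choice available in FIPS mode, so print it first.
    for algo in ("sha1", "md5"):
        print(fingerprint_command(der, algo))
```

Run the script against the CA's actual certificate file (replace `SAMPLE_PEM` with its contents) and paste the printed command into the PKI domain view; `fingerprint_matches` is the check to run when the value you were given arrives with colons or in lower case, since the command accepts only the bare hexadecimal string.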
Examples
# Set an MD5 fingerprint for verifying the validity of the CA root certificate. (This configuration is supported only in non-FIPS mode.)
<Sysname> system-view
[Sysname] pki domain aaa
[Sysname-pki-domain-aaa] root-certificate fingerprint md5 12EF53FA355CD23E12EF53FA355CD23E
# Set an SHA1 fingerprint for verifying the validity of the CA root certificate.