1. Configure the device (HTTPS server):
# Create PKI entity en. Set the common name to http-server1 and the FQDN to
ssl.security.com.
<Device> system-view
[Device] pki entity en
[Device-pki-entity-en] common-name http-server1
[Device-pki-entity-en] fqdn ssl.security.com
[Device-pki-entity-en] quit
# Create PKI domain 1 and configure the domain parameters.
[Device] pki domain 1
[Device-pki-domain-1] ca identifier new-ca
[Device-pki-domain-1] certificate request url
http://10.1.2.2/certsrv/mscep/mscep.dll
[Device-pki-domain-1] certificate request from ra
[Device-pki-domain-1] certificate request entity en
# Configure the domain to use RSA key pair hostkey for both signing and encryption during the
certificate request.
[Device-pki-domain-1] public-key rsa general name hostkey
[Device-pki-domain-1] quit
# Create RSA local key pairs.
[Device] public-key local create rsa
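# Retrieve the CA certificate. The certificate request URL in this example uses plain HTTP, so
compare the root certificate fingerprint shown by the device with a value obtained from the CA
administrator out of band before accepting the certificate.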
[Device] pki retrieve-certificate domain 1 ca
# Configure the device to request a local certificate through SCEP.
[Device] pki request-certificate domain 1
# Create SSL server policy myssl. Specify PKI domain 1 for the SSL server policy and enable
certificate-based SSL client authentication.
[Device] ssl server-policy myssl
[Device-ssl-server-policy-myssl] pki-domain 1
[Device-ssl-server-policy-myssl] client-verify enable
[Device-ssl-server-policy-myssl] quit
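# Create certificate attribute group mygroup1. Configure a certificate attribute rule that
matches certificates whose issuer name contains the string new-ca in its distinguished name.
This is a substring match, so it complements, and does not replace, the client certificate
validation required by client-verify enable.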
[Device] pki certificate attribute-group mygroup1
[Device-pki-cert-attribute-group-mygroup1] attribute 1 issuer-name dn ctn new-ca
[Device-pki-cert-attribute-group-mygroup1] quit
# Create certificate attribute-based access control policy myacp. Configure rule 1 to permit
certificates that match the criteria in certificate attribute group mygroup1.
[Device] pki certificate access-control-policy myacp
[Device-pki-cert-acp-myacp] rule 1 permit mygroup1
[Device-pki-cert-acp-myacp] quit
# Associate SSL server policy myssl with the HTTPS service.
[Device] ip https ssl-server-policy myssl
# Associate certificate attribute-based access control policy myacp with the HTTPS service.
[Device] ip https certificate access-control-policy myacp
# Enable the HTTPS service.
[Device] ip https enable