
HPE FlexNetwork 5510 HI Series Security Configuration Guide

HPE FlexNetwork 5510 HI Series
551 pages
Step 7. (Optional.) Set the SCEP polling interval and maximum number of polling attempts.
Command:
certificate request polling { count count | interval minutes }
Remarks:
By default, the switch polls the CA server for the certificate request status every 20 minutes. The maximum number of polling attempts is 50.

Step 8. (Optional.) Specify the LDAP server.
Command:
ldap-server host hostname [ port port-number ] [ vpn-instance vpn-instance-name ]
Remarks:
This task is required only when the CRL repository is an LDAP server and the URL of the CRL repository does not contain the host name of the LDAP server.
By default, no LDAP server is specified.

Step 9. Enter a fingerprint to be matched against the fingerprint of the root CA certificate.
Command:
• In non-FIPS mode:
  root-certificate fingerprint { md5 | sha1 } string
• In FIPS mode:
  root-certificate fingerprint sha1 string
Remarks:
Before a PKI entity can enroll with a CA, it must authenticate the CA by obtaining the self-signed certificate of the CA and verifying the fingerprint of the CA certificate.
If a fingerprint is not entered in the PKI domain, and if the CA certificate is imported or obtained through manual certificate request, you must verify the fingerprint that is displayed during authentication of the CA certificate.
If the CA certificate is obtained through automatic certificate request, the certificate will be rejected if a fingerprint has not been entered.
By default, no fingerprint is specified.

Step 10. Specify the key pair for certificate request.
Command:
• Specify an RSA key pair:
  public-key rsa { { encryption name encryption-key-name [ length key-length ] | signature name signature-key-name [ length key-length ] } * | general name key-name [ length key-length ] }
• Specify an ECDSA key pair:
  public-key ecdsa name key-name [ secp192r1 | secp256r1 | secp384r1 | secp521r1 ]
• Specify a DSA key pair:
  public-key dsa name key-name [ length key-length ]
Remarks:
The public-key ecdsa command is available in Release 1121 and later.
By default, no key pair is specified.
If the specified key pair does not exist, the PKI entity automatically creates the key pair before submitting a certificate request.
For information about creating key pairs, see "Managing public keys."

Step 11. (Optional.) Specify the intended use for the certificate.
Command:
usage { ike | ssl-client | ssl-server } *
Remarks:
By default, the certificate can be used by all applications, including IKE, SSL clients, and SSL server.
The extension options contained in an issued certificate depend on the CA policy, and they might be different from those specified in the PKI domain.
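The fingerprint rules in step 9 can be checked off-box before the string is entered in the PKI domain. The following Python sketch is an added example, not code from the HPE guide: it computes the fingerprint of a CA certificate obtained out of band and models the accept, reject, and operator-verify outcomes described in the remarks. The function names, the hex normalization (colons and spaces stripped, lowercase), the "reject on mismatch" outcome, and the sample certificate bytes are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# Digest algorithms the root-certificate fingerprint command offers per mode.
NON_FIPS_ALGS = {"md5", "sha1"}
FIPS_ALGS = {"sha1"}

# Constructed stand-in for a DER-encoded CA certificate (not a real certificate).
SAMPLE_DER = b"constructed stand-in for DER certificate bytes"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

def pem_to_der(pem: str) -> bytes:
    """Extract the DER bytes from the first PEM certificate block."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----",
                  pem, re.S)
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def fingerprint(der: bytes, alg: str) -> str:
    """The fingerprint is the digest of the whole DER encoding, as hex."""
    return hashlib.new(alg, der).hexdigest()

def normalize(fp: str) -> str:
    """Assumption: compare as lowercase hex without ':' or whitespace."""
    return re.sub(r"[\s:]", "", fp).lower()

def authenticate_ca(der, configured=None, acquisition="auto", fips=False):
    """Model of step 9. configured is (alg, string) or None;
    acquisition is 'auto', 'manual' or 'import'.
    Returns 'accept', 'reject' or 'operator-verify'."""
    if configured is None:
        # No fingerprint entered: automatic request is rejected; imported or
        # manually requested certificates need the operator to verify the
        # fingerprint displayed during CA authentication.
        return "reject" if acquisition == "auto" else "operator-verify"
    alg, expected = configured
    if alg not in (FIPS_ALGS if fips else NON_FIPS_ALGS):
        raise ValueError(f"{alg} is not offered in this mode")
    # Constant-time comparison of the computed and configured values.
    match = hmac.compare_digest(fingerprint(der, alg), normalize(expected))
    return "accept" if match else "reject"  # mismatch outcome is an assumption
```

The value to compare against should come from the CA operator through a separate trusted channel, not from the same download as the certificate.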
