# Create a local key pair using RSA.
[RouterB] public-key local create rsa
# Request a certificate.
[RouterB] pki retrieval-certificate ca domain 1
[RouterB] pki retrieval-crl domain 1
[RouterB] pki request-certificate domain 1
# Configure IKE proposal 1, using RSA signature for identity authentication.
[RouterB] ike proposal 1
[RouterB-ike-proposal-1] authentication-method rsa-signature
[RouterB-ike-proposal-1] quit
# Specify the PKI domain for the IKE peer.
[RouterB] ike peer peer
[RouterB-ike-peer-peer] certificate domain 1
NOTE:
The configuration procedure covers only the configurations for IKE negotiation using RSA digital
signature. For an IPsec tunnel to be established, you also need to perform IPsec configurations. For
more information about IPsec configuration, see "Configuring IPsec."
Certificate access control policy configuration example
Network requirements
The host accesses the router through HTTPS.
SSL is used to protect the router against unauthorized access.
Configure a certificate access control policy on the router to authenticate the host and verify the
validity of the host's certificates.
Figure 75 Network diagram
Configuration procedure
For more information about SSL configuration, see "Configuring SSL."
For more information about HTTPS configuration, see HPE FlexNetwork MSR Router Series
Comware 5 Fundamentals Configuration Guide.
NOTE:
The PKI domain to be referenced by the SSL policy must be created in advance. For information
about how to configure a PKI domain, see "Configuring a PKI domain."
1. Configure the HTTPS server.