Backslash \ Right angle bracket >
Vertical bar | Quotation marks "
Colon : Apostrophe '
server-pki-domain domain-name: Specifies the PKI domain for verifying the server's certificate.
The domain-name argument represents the PKI domain name, a case-insensitive string of 1 to 31
characters, excluding the characters listed in Table 5.
prefer-compress: Specifies the preferred compression algorithm for data compression between the
server and the client. By default, compression is not supported.
zlib: Specifies the compression algorithm zlib.
source: Specifies a source IPv6 address or source interface for IPv6 SCP packets. By default, the
device automatically selects a source address for IPv6 SCP packets in compliance with RFC 3484.
For successful SCP connections, use one of the following methods:
Specify the loopback interface as the source interface.
Specify the IPv6 address of the loopback interface as the source IPv6 address.
interface interface-type interface-number: Specifies a source interface by its type and number. The
IPv6 address of this interface is the source IPv6 address of the IPv6 SCP packets.
ipv6 ipv6-address: Specifies a source IPv6 address.
Usage guidelines
Table 6 Suite B algorithms

| Security | Key exchange | Encryption algorithm | Public key algorithm |
|---|---|---|---|
| 128-bit | ecdh-sha2-nistp256 | AEAD_AES_128_GCM | x509v3-ecdsa-sha2-nistp256, x509v3-ecdsa-sha2-nistp384 |
| 192-bit | ecdh-sha2-nistp384 | AEAD_AES_256_GCM | x509v3-ecdsa-sha2-nistp384 |
| Both | ecdh-sha2-nistp256, ecdh-sha2-nistp384 | AEAD_AES_128_GCM, AEAD_AES_256_GCM | x509v3-ecdsa-sha2-nistp256, x509v3-ecdsa-sha2-nistp384 |
If the client and the server have negotiated to use certificate authentication, the client must verify the
server's certificate. For the client to correctly get the server's certificate, you must specify the server's
PKI domain on the client by using the server-pki-domain domain-name option. The client uses the
CA certificate stored in the specified PKI domain to verify the server's certificate and does not need to
save the server's public key before authentication. If you do not specify the server's PKI domain, the
client uses the PKI domain of its own certificate to verify the server's certificate.
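The following Python model is an added example, not part of the original manual or the device software. It applies Table 6 and the PKI domain fallback rule to constructed server offers. It assumes the usual SSH rule that the first client-listed algorithm the server also offers is chosen, and treats the order in Table 6 as the client's preference order. The names SUITE_B, negotiate and trust_domain are hypothetical.

```python
# Added example: models Table 6 and the server-pki-domain fallback described above.
# Assumption: the order of entries in Table 6 is the client's preference order.
SUITE_B = {
    "128-bit": {"kex": ["ecdh-sha2-nistp256"],
                "cipher": ["AEAD_AES_128_GCM"],
                "hostkey": ["x509v3-ecdsa-sha2-nistp256", "x509v3-ecdsa-sha2-nistp384"]},
    "192-bit": {"kex": ["ecdh-sha2-nistp384"],
                "cipher": ["AEAD_AES_256_GCM"],
                "hostkey": ["x509v3-ecdsa-sha2-nistp384"]},
    "both": {"kex": ["ecdh-sha2-nistp256", "ecdh-sha2-nistp384"],
             "cipher": ["AEAD_AES_128_GCM", "AEAD_AES_256_GCM"],
             "hostkey": ["x509v3-ecdsa-sha2-nistp256", "x509v3-ecdsa-sha2-nistp384"]},
}

class NoCommonAlgorithm(Exception):
    """Raised when client and server share no algorithm in some category."""

def negotiate(level, server_offer):
    """Per category, pick the first client algorithm the server also offers."""
    chosen = {}
    for category, client_list in SUITE_B[level].items():
        offered = server_offer.get(category, [])
        match = next((alg for alg in client_list if alg in offered), None)
        if match is None:
            raise NoCommonAlgorithm(f"{level}: no common {category} algorithm")
        chosen[category] = match
    return chosen

def trust_domain(client_domain, server_pki_domain=None):
    """PKI domain whose CA certificate is used to verify the server's certificate."""
    # Without server-pki-domain, the client falls back to its own PKI domain.
    return server_pki_domain or client_domain

# Constructed server offers (not captured from a real device).
SERVER_P384 = {"kex": ["ecdh-sha2-nistp384", "ecdh-sha2-nistp256"],
               "cipher": ["AEAD_AES_256_GCM", "AEAD_AES_128_GCM"],
               "hostkey": ["x509v3-ecdsa-sha2-nistp384"]}
SERVER_P256_ONLY = {"kex": ["ecdh-sha2-nistp256"],
                    "cipher": ["AEAD_AES_128_GCM"],
                    "hostkey": ["x509v3-ecdsa-sha2-nistp256"]}

if __name__ == "__main__":
    print(negotiate("192-bit", SERVER_P384))
    print(negotiate("both", SERVER_P256_ONLY))
    print(trust_domain("clientpkidomain", "serverpkidomain"))
    try:
        negotiate("192-bit", SERVER_P256_ONLY)
    except NoCommonAlgorithm as err:
        print("connection fails:", err)
```

A client restricted to the 192-bit level cannot connect to a server that offers only the P-256 algorithms, while a client set to both levels negotiates down to the 128-bit set.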
Examples
# Use the 192-bit Suite B algorithms to establish a connection to the SCP server 2000::1 and
download the file abc.txt from the server. Specify the client's PKI domain and the server's PKI
domain as clientpkidomain and serverpkidomain, respectively.