Configuring A Pki Domain - HP 5920 Series Configuration Manual

Hide thumbs Also See for 5920 Series:

Command reference manual (607 pages)

Configuration manual (424 pages)

Fc and fcoe configuration manual (257 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

Table of Contents

Step

Set the country code of the

entity.

Set the locality of the entity.

Set the organization of the

entity.

Set the unit of the entity in

the organization.

Set the state where the entity

resides.

Set the FQDN of the entity.

10.

Configure the IP address of

the entity.

Configuring a PKI domain

A PKI domain contains enrollment information for a PKI entity. It is locally significant and is intended only

for reference by other applications like SSL.

The fingerprint of a CA root certificate is the hash value of the root certificate content. Each CA root

certificate has a unique hash value. You can specify the fingerprint used for verifying the root certificate

in the PKI domain.

After receiving a CA root certificate that does not exist locally, the PKI entity verifies the fingerprint of the

root certificate in the following cases:

For an obtained or imported CA root certificate, if its fingerprint does not match the one configured

•

for the PKI domain, the device rejects the root certificate, and the obtain or import operation fails.

If you do not specify the fingerprint for the PKI domain, the system asks you to verify the fingerprint

manually.

•

For an obtained CA root certificate in an automatic local certificate request process that an

application triggers, if its fingerprint does not match the one configured for the PKI domain, the

device rejects the root certificate, and the local certificate request fails. If you do not specify the

fingerprint for the PKI domain, the local certificate request fails.

To configure a PKI domain:

Step

Enter system view.

Create a PKI domain

and enter its view.

Command

country country-code-string

locality locality-name

organization org-name

organization-unit org-unit-name

state state-name

fqdn fqdn-name-string

ip { ip-address | interface

interface-type

interface-number }

Command

system-view

pki domain domain-name

122

Remarks

By default, the country code is not set.

By default, the locality is not set.

By default, the organization is not set.

By default, the unit is not set.

By default, the state is not set.

By default, the FQDN is not set.

By default, the IP address is not

configured.

Remarks

N/A

By default, no PKI domains exist.

Table of Contents

Troubleshooting

This manual is also suitable for:

5900 series

Configuring A Pki Domain - HP 5920 Series Configuration Manual

Configuring a PKI domain

Troubleshooting

Related Manuals for HP 5920 Series

Related Content for HP 5920 Series

This manual is also suitable for:

Table of Contents