Retrieving a certificate manually
You can download CA certificates, local certificates, or peer entity certificates from the CA server and
save them locally. To do so, use either the offline mode or the online mode. In offline mode, you must
retrieve a certificate by an out-of-band means like FTP, disk, or email, and then import it into the local PKI
system.
Certificate retrieval serves the following purposes:
• Locally store the certificates associated with the local security domain for improved query efficiency
and reduced query count
• Prepare for certificate verification
Configuration guidelines
• Before retrieving a local certificate in online mode, be sure to complete the LDAP server
configuration.
• If a PKI domain already has a CA certificate, you cannot retrieve another CA certificate for it. This
restriction helps avoid inconsistency between the certificate and the registration information resulting
from configuration changes. To retrieve a new CA certificate, use the pki delete-certificate
command to delete the existing CA certificate and the local certificate first.
• The configuration made by the pki retrieval-certificate command is not saved in the
configuration file.
• Make sure the switch's system time falls in the validity period of the certificate so that the certificate
is valid.
Configuration procedure
To retrieve a certificate manually:
Step 1. Enter system view.
   Command: system-view
   Remarks: N/A
Step 2. Retrieve a certificate manually.
   Command (online mode): pki retrieval-certificate { ca | local } domain domain-name
   Command (offline mode): pki import-certificate { ca | local } domain domain-name { der | p12 | pem } [ filename filename ]
   Remarks: Use either command.
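The offline-mode retrieval above, as an added example that is not from this guide: a POSIX shell script using the openssl CLI that prepares a CA and local certificate pair in the der, p12 and pem formats the import command accepts, and runs, before the import, the same CA-signature and validity-period checks the switch applies (the guideline on system time above). The CA name, file names, subject fields and password are constructed, and the openssl CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the switch guide: prepare a certificate pair for an
# offline "pki import-certificate" and check it before import. Assumes the
# openssl CLI; every name, path and subject field below is constructed.
set -eu
WORK=$(mktemp -d)

# Constructed CA certificate and CA-signed local (entity) certificate, standing
# in for what a real CA server would hand over out of band (FTP, disk, email).
make_test_certs() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -sha256 \
    -subj "/CN=Example Test CA" -keyout "$WORK/ca.key" -out "$WORK/ca.pem" \
    2>/dev/null
  openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=switch1.example" \
    -keyout "$WORK/local.key" -out "$WORK/local.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/local.csr" -CA "$WORK/ca.pem" \
    -CAkey "$WORK/ca.key" -CAcreateserial -days 30 -sha256 \
    -out "$WORK/local.pem" 2>/dev/null
}

# The two checks the switch applies during verification: the local certificate
# must be signed by the domain's CA certificate, and the clock used for the
# check must fall inside notBefore..notAfter. $3 is an epoch timestamp to
# verify against (default: now), which lets a wrong switch clock be simulated.
chains_and_valid_at() {  # $1 = CA cert (PEM), $2 = local cert (PEM), [$3 = epoch]
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$1" -attime "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

# Convert the PEM file into the other formats the import command accepts.
to_der() { openssl x509 -in "$1" -outform DER -out "$2"; }
to_p12() {               # $1 = cert, $2 = private key, $3 = out file, $4 = password
  openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -passout "pass:$4"
}

# Work out which keyword to give in "pki import-certificate ... { der | p12 | pem }".
detect_format() {        # $1 = file, $2 = p12 password (empty unless p12)
  if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then echo pem
  elif openssl x509 -in "$1" -inform DER -noout 2>/dev/null; then echo der
  elif openssl pkcs12 -in "$1" -noout -passin "pass:$2" 2>/dev/null; then echo p12
  else echo unknown; return 1
  fi
}
```

A failing chains_and_valid_at run before import is the same condition the switch would report as an invalid certificate after import, so fix the CA file or the clock first.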
Configuring PKI certificate verification
A certificate needs to be verified before being used. Certificate verification can examine whether the
certificate is signed by the CA and whether the certificate has expired or been revoked.
You can specify whether to perform CRL checking during certificate verification. If you enable CRL
checking, CRLs will be used in verification of a certificate, and you must retrieve the CA certificate and