EasyManuals Logo
Home>HP>Switch>3600 v2 Series

HP 3600 v2 Series Security Configuration Guide

HP 3600 v2 Series
398 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #256 background imageLoading...
Page #256 background image
245
• Fingerprint for root certificate verification—After receiving the root certificate of the CA, an entity
needs to verify the fingerprint of the root certificate, namely, the hash value of the root certificate
content. This hash value is unique to every certificate. If the fingerprint of the root certificate does not
match the one configured for the PKI domain, the entity will reject the root certificate.
Follow these steps to configure a PKI domain:
To do… Use the command… Remarks
Enter system view system-view —
Create a PKI domain and enter its
view
pki domain domain-name
Required
No PKI domain exists by default.
Specify the trusted CA ca identifier name
Required
No trusted CA is specified by
default.
Specify the entity for certificate
request
certificate request entity
entity-name
Required
No entity is specified by default.
The specified entity must exist.
Specify the authority for certificate
request
certificate request from { ca | ra }
Required
No authority is specified by
default.
Configure the certificate request
URL
certificate request url url-string
Required
No certificate request URL is
configured by default.
Configure the polling interval and
attempt limit for querying the
certificate request status
certificate request polling { count
count | interval minutes }
Optional
The polling is executed for up to 50
times at the interval of 20 minutes
by default.
Specify the LDAP server
ldap-server ip ip-address [ port
port-number ] [ version
version-number ]
Optional
No LDP server is specified by
default.
Configure the fingerprint for root
certificate verification
root-certificate fingerprint { md5 |
sha1 } string
Required when the certificate
request mode is auto and optional
when the certificate request mode
is manual. In the latter case, if you
do not configure this command, the
fingerprint of the root certificate
must be verified manually.
No fingerprint is configured by
default.
NOTE:
• Up to two PKI domains can be created on a switch.
• The CA name is required only when you retrieve a CA certificate. It is not used when in local certificate
request.
• The certificate request URL does not support domain name resolution.

Table of Contents

Other manuals for HP 3600 v2 Series

Preview: Command Reference
Command Reference479 pages
Preview: Installation Guide
Installation Guide62 pages
Preview: Compliance And Safety Manual
Compliance And Safety Manual51 pages
Preview: Configuration Guide
Configuration Guide449 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HP 3600 v2 Series and is the answer not in the manual?

HP 3600 v2 Series Specifications

General IconGeneral
BrandHP
Model3600 v2 Series
CategorySwitch
LanguageEnglish

Related product manuals