Retrieving A Certificate Manually - HP A5830 Series Configuration Manual


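| To do... | Use the command... | Remarks |
| --- | --- | --- |
| 6. Generate a local RSA key pair. | public-key local create rsa | Required. No local RSA key pair exists by default. |
| 7. Submit a local certificate request manually. | pki request-certificate domain domain-name [ password ] [ pkcs10 [ filename filename ] ] | Required. |
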
If a PKI domain already has a local certificate, creating an RSA key pair makes the key pair inconsistent with the certificate. To generate a new RSA key pair, delete the local certificate and then issue the public-key local create command. For more information about the public-key local create command, see Security Command Reference.

A newly created key pair overwrites the existing one. If you run the public-key local create command when a local RSA key pair already exists, the system asks whether you want to overwrite the existing one.

If a PKI domain already has a local certificate, you cannot request another certificate for it. This helps avoid inconsistency between the certificate and the registration information resulting from configuration changes. Before requesting a new certificate, use the pki delete-certificate command to delete the existing local certificate and the CA certificate stored locally.

When it is impossible to request a certificate from the CA through SCEP, you can print the request information or save it to a local file, and then send the printed information or the saved file to the CA by an out-of-band method. To print the request information, use the pki request-certificate domain command with the pkcs10 keyword. To save the request information to a local file, use the pki request-certificate domain command with the pkcs10 filename filename option.

Make sure that the clocks of the entity and the CA are synchronized. Otherwise, the validity period of the certificate is abnormal.

The pki request-certificate domain configuration is not saved in the configuration file.
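
When the request is saved to a file for out-of-band submission, as the notes above describe, it can be checked on the administrator's workstation before it is sent, and its fingerprint can be confirmed with the CA operator over a separate channel. The script below is an added example, not part of the HP manual; it assumes OpenSSL is installed and that the file has been copied off the switch, and because the manual does not state the file's encoding it tries PEM and then DER.

```shell
#!/bin/sh
# Added example: sanity-check a PKCS#10 request file on the admin workstation
# before it is sent to the CA out of band. Assumes OpenSSL is installed.

# csr_format FILE: print the encoding OpenSSL accepts (PEM or DER);
# return 1 if the file does not parse as a certificate request.
csr_format() {
    for fmt in PEM DER; do
        if openssl req -in "$1" -inform "$fmt" -noout >/dev/null 2>&1; then
            echo "$fmt"
            return 0
        fi
    done
    return 1
}

# csr_fingerprint FILE: SHA-256 over the DER encoding of the request, so the
# value is the same whether the file on disk is PEM or DER.
csr_fingerprint() {
    fmt=$(csr_format "$1") || return 1
    openssl req -in "$1" -inform "$fmt" -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# csr_check FILE: return 0 if the request parses and its self-signature
# verifies, 1 if it is not a request, 2 if the signature does not match the
# public key carried in the request (corrupted or altered file).
csr_check() {
    fmt=$(csr_format "$1") || { echo "not a PKCS#10 request: $1" >&2; return 1; }
    # Match on the message text: some OpenSSL releases report a failed
    # verification only in the message, not in the exit status.
    openssl req -in "$1" -inform "$fmt" -noout -verify 2>&1 |
        grep -q 'verify OK' || { echo "self-signature check failed: $1" >&2; return 2; }
    openssl req -in "$1" -inform "$fmt" -noout -subject
    echo "sha256=$(csr_fingerprint "$1")"
}

# The file name is supplied by the operator on the command line.
if [ "$#" -eq 1 ]; then csr_check "$1"; fi
```

The subject line should match the entity configured for the PKI domain, and the SHA-256 value is what the CA operator compares after receiving the file.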

Retrieving a certificate manually

You can download CA certificates, local certificates, or peer entity certificates from the CA server and
save them locally. To do so, use either the offline mode or the online mode. In offline mode, you must
retrieve a certificate by an out-of-band method such as FTP, disk, or email, and then import it into the
local PKI system.
Certificate retrieval serves the following purposes:
- Locally stores the certificates associated with the local security domain for improved query efficiency and reduced query count
- Prepares for certificate verification
Before retrieving a local certificate in online mode, be sure to complete the LDAP server configuration.
To retrieve a certificate manually:
| To do... | Use the command... | Remarks |
| --- | --- | --- |
| 1. Enter system view. | system-view | |
