HP Traffic Director sa7220 User Manual
CHAPTER 5
SSL Commands (SA8200/SA8220 only)
config policygroup service key client-ca revocation url
NOTE: If refresh is set to a non-zero value, and the URL is invalid (or specifies a non-valid CRL file), a message is entered into the system logs. We encourage network administrators to monitor these logs to ensure the SA8220 is receiving CRLs properly. Using the refresh now command causes the log message to be printed to the screen. The url command supports both DER and PEM format revocation lists.
Retrieves the CRL.
config policygroup
{user
where:
• policy-name is the name of a policy group
• service-name is the name of a service
• url is a URL used to retrieve the CRL. The format of the URL is protocol://server:port/path. The FTP, HTTP, and LDAP protocols are supported. See the examples below.
• username is the optional username to access the URL
• password is the optional password to access the URL
• none clears the URL
• Examples of the url parameter:
• url ftp://ftp.newhost.com/myrevoke.crl user anonymous
  sets the URL path to myrevoke.crl on the host ftp.newhost.com using the FTP protocol with the username of anonymous, and no password.
• url http://www.myhost.com:9800/CertEnroll/server.crl
  sets the URL path to CertEnroll/server.crl on the host www.myhost.com using the HTTP protocol on port 9800.
• url ldap://server.com/DC=company,CD=com,CN=cRL password U8#h2k0W
  sets the URL to /DC=company,CD=com,CN=cRL on the host server.com using the LDAP protocol with a password of U8#h2k0W.
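An added example, not part of the HP manual: a Python pre-check an administrator could run on a candidate URL and on the file it serves before entering the url command, covering the two failure cases the NOTE names (an invalid URL, a non-valid CRL file). The function names and sample bytes are constructed for illustration; the check is structural only and does not verify the CRL's signature or dates.

```python
import base64
import re
from urllib.parse import urlsplit

ALLOWED = {"ftp", "http", "ldap"}  # protocols the manual lists for the url parameter
PEM_RE = re.compile(rb"-----BEGIN X509 CRL-----(.+?)-----END X509 CRL-----", re.S)
# Constructed 12-byte DER skeleton (right shape, no real signature), plus its PEM form.
SAMPLE_DER = bytes.fromhex("300a30030201013000030100")
SAMPLE_PEM = (b"-----BEGIN X509 CRL-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END X509 CRL-----\n")

def check_crl_url(url):
    """List the problems in a CRL URL of the form protocol://server:port/path."""
    parts = urlsplit(url)
    checks = [(parts.scheme.lower() in ALLOWED, "unsupported protocol"),
              (bool(parts.hostname), "missing server"),
              (bool(parts.path.strip("/")), "missing path")]
    return [msg for ok, msg in checks if not ok]

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                      # short form: length fits in one byte
        length, start = first, pos + 2
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length, start = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n
    if start + length > len(buf):
        raise ValueError("truncated DER")
    return tag, start, start + length

def crl_format(data):
    """Return 'PEM' or 'DER' if data has the CertificateList shape, else None."""
    m = PEM_RE.search(data)
    try:
        der = base64.b64decode(m.group(1)) if m else data
        tag, pos, end = read_tlv(der, 0)
        if tag != 0x30 or end != len(der):
            return None
        tags = []
        while pos < end:                  # walk the elements of the outer SEQUENCE
            t, _, pos = read_tlv(der, pos)
            tags.append(t)
    except (ValueError, IndexError):
        return None
    # tbsCertList SEQUENCE, signatureAlgorithm SEQUENCE, signatureValue BIT STRING
    return ("PEM" if m else "DER") if tags == [0x30, 0x30, 0x03] else None
```

A server that answers with an HTML error page instead of the CRL is the typical case crl_format rejects.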
config policygroup service key create
NOTE: When the procedure is complete, you can type info at the prompt to verify the key’s creation.
Creates a private key.
config policygroup
where:
• policy-name is the name of a policy group
• service-name is the name of a service
• 512 (the default) creates a 512-bit RSA private key
• 1024 creates a 1024-bit RSA private key