Scenario 6: Using CRLs (SA8200/SA8220 only) – HP Traffic Director sa7220 User Manual
CHAPTER 6
HP Traffic Director Server Appliances User Guide
6. To create a certificate, type these commands:
HP SA8220/config/policygroup/richtest/service/SSL# key certificate create
Certificate created (Expires in 30 days).
The service is SSL enabled. Define the servers to start processing.
HP SA8220/config/policygroup/richtest/service/SSL# server create serv2.prime.com port 80
Server serv2.prime.com port 80 has been created.
HP SA8220/config/policygroup/richtest/service/SSL# server create serv3.prime.com port 80
Server serv3.prime.com port 80 has been created.
Scenario 6: Using CRLs (SA8200/SA8220 only)
The SA8220 can be configured to work with Certificate Revocation Lists (CRLs).
In this scenario, the SA8220 uses a CRL to validate that a client
certificate is not expired (i.e., does not appear in the CRL). For more
information on CRLs, please see Appendix B.
Prerequisites for Scenario 6
• A Web server
• An SA8220
• A valid client authentication (CA) certificate
• A public key infrastructure (PKI) server with a CA certificate and the ability to:
  - generate a CRL
  - revoke certificates
  - export the CRL using FTP, HTTP, or LDAP
• Ensure that SSL is set up correctly. See “Scenario 5: Using SSL Acceleration (SA8200/SA8220 only)” in this chapter.
NOTE: Scenario 6 assumes that you have already completed all steps in Scenario 5.